Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Clear iSpot和ClearSpot多个跨站请求伪造漏洞
Vulnerability Description
ISpot 2.0.0.0 R1679,ClearSpot 2.0.0.0 R1512和R1786版本中存在多个跨站请求伪造漏洞。远程攻击者可以利用这些漏洞劫持管理员认证来获得以下请求:(1)借助对webmain.cgi文件的act_cmd_result操作中的cmd参数执行任意命令的请求;(2)借助对ebmain.cgi文件的enable_remote_access act_network_set操作启动远程管理的请求;(3)借助向webmain.cgi文件的ENABLE_TELNET act_set_
CVSS Information
N/A
Vulnerability Type
N/A