N/A

A Cross-Site Request Forgery issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.

N/A

跨站请求伪造(CSRF)

Sierra Wireless AirLink Raven XE和XT 跨站请求伪造漏洞

Sierra Wireless AirLink Raven XE和XT都是加拿大Sierra Wireless公司的无线网关产品。 Sierra Wireless AirLink Raven XE 4.0.14之前的版本和XT 4.0.11之前的版本中存在跨站脚本漏洞，该漏洞源于程序没有验证请求是否为当前用户所发。攻击者可利用该漏洞执行未授权的操作。

N/A

N/A