N/A

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".

N/A

N/A

Optilink Network OP-XT71000N 跨站请求伪造漏洞

Optilink Network OP-XT71000N是印度Optilink Network公司的一款无线路由器。 Optilink Network OP-XT71000N V2.2版本存在跨站请求伪造漏洞，该漏洞源于其对mgm_config_file.asp的保护不足允许攻击者创建一个精心制作的CSRF表单将恶意xml数据发送到/boaform/admin/formMgmConfigUpload允许攻击者获得全部特权并完全破坏路由器和网络。

N/A

N/A