一、 漏洞 CVE-2021-47820 基础信息
漏洞信息
# Ubee EVW327 跨站请求伪造漏洞
N/A
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
跨站请求伪造(CSRF)
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2021-47820 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2021-47820 的情报信息
标题: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) - Hardware webapps Exploit -- 🔗来源链接
标签:exploit
神龙速读:- **漏洞标题**: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) - **EED-ID**: 49920 - **CVE编号**: N/A - **作者**: lated - **类型**: WebApps - **平台**: Hardware - **日期**: 2021-06-01 - **已验证**: 未验证 (EED Verified: ✗) - **漏洞应用**: EVW327 - **相关代码片段**: ```html <form action="http://192.168.0.1/goForm/UbeeMgmtRemoteAccess" method="POST"> <input type="hidden" name="RemoteAccessEnable" value="1"/> ``` - **供应商主页**: https://www.ubeeinteractive.com - **版本**: EVW327
标题: Ubee Interactive Holding Corp. Taiwan Branch -- 🔗来源链接
标签:product
神龙速读:- **Company Information:** - Ubee Interactive specializes in advanced broadband solutions for top-tier cable and telecommunications service providers across Europe and the Americas. - Focus on delivering high-speed internet experiences to meet increasing bandwidth demands. - **Recruitment Emphasis:** - Prioritizes character and talent in recruitment. - Offers competitive financial compensation and comprehensive benefits for employees. - **Business Offerings:** - Simplifying solutions for service providers. - Providing fast, reliable bandwidth for subscribers. - **Contact and Legal Information:** - Includes links to 'Company,' 'Solutions,' 'Careers,' and 'Contact Us.' - Specifies Ubee Interactive Holding Corp. Taiwan Branch and associated entities. - Copyright © 2025 Ubee Interactive Holding Corp. Taiwan Branch. All Rights Reserved.
标题: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) | Advisories | VulnCheck -- 🔗来源链接
标签:third-party-advisory
神龙速读:### 关键漏洞信息 - **标题**: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) - **严重程度**: MEDIUM - **日期**: January 16, 2026 - **影响设备**: Ubee EVW327 - **CVE编号**: CVE-2021-47820 - **漏洞类型**: CWE-352 Cross-Site Request Forgery (CSRF) - **CVSS评分**: 6.4/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N - **参考资料**: - [ExploitDB-49920](#) - [Ubee Interactive Official Homepage](#) - **描述**: Ubee EVW327存在一个跨站请求伪造漏洞,允许攻击者在无需用户交互的情况下启用远程访问。攻击者可以创建一个恶意网页,自动提交一个表单来更改路由器的远程访问设置到端口8080,而无需用户的同意。
- https://nvd.nist.gov/vuln/detail/CVE-2021-47820
四、漏洞 CVE-2021-47820 的评论
暂无评论