EDB-ID: 46324
CVE: N/A
Author: SM
Type: WEBAPPS
Platform: HARDWARE
Date: 2019-02-05

Vulnerability Details:
Affected Device: devolo dLAN 550 duo+ Starter Kit (dLAN 500 AV Wireless+ 3.1.0-1 (i386))
Vulnerability Type: Cross-Site Request Forgery (CSRF)
Description: The web application allows users to perform certain actions via HTTP without proper CSRF protection.

Advisory Details:
Advisory ID: ZSL-2019-5507
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5507.php

Exploit Details:
The exploit demonstrates that even though a '_csrf' parameter is submitted, it is never checked (nor does it contain any value).

Example Command:
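
Separate from the advisory's own example command, the following is an added example that is not taken from the advisory, the exploit or the device firmware: it contrasts a handler that accepts '_csrf' without checking it with one that compares it to a per-session token. The session dictionary, the handler names and the 'setting' form field are assumptions made for illustration, and the requests are constructed.

```python
import hmac
import secrets

CSRF_FIELD = "_csrf"  # parameter name from the advisory


def issue_token(session):
    """Create a random token bound to this session (stored server-side)."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def handle_unchecked(session, form):
    """Behaviour described above: the field may be present, but it is never
    compared to anything, so an empty or missing value is accepted."""
    return 200 if session.get("authenticated") else 401


def handle_checked(session, form):
    """Hardened handler: reject unless the submitted token is non-empty and
    equals the session's token (constant-time comparison)."""
    if not session.get("authenticated"):
        return 401
    expected = session.get("csrf", "")
    submitted = form.get(CSRF_FIELD, "")
    if not expected or not submitted:
        return 403  # no token issued, or empty/missing field
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403  # token does not belong to this session
    return 200


def demo():
    """Run constructed requests through both handlers; 'setting' is a
    hypothetical form field standing in for a state-changing action."""
    session = {"authenticated": True}
    token = issue_token(session)
    requests = {
        "own form, valid token": {CSRF_FIELD: token, "setting": "x"},
        "cross-site, empty token": {CSRF_FIELD: "", "setting": "x"},
        "cross-site, field missing": {"setting": "x"},
        "cross-site, wrong token": {CSRF_FIELD: "A" * 43, "setting": "x"},
    }
    return {name: (handle_unchecked(session, form), handle_checked(session, form))
            for name, form in requests.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in demo().items():
        print(f"{name:28} unchecked={weak} checked={hardened}")
```

Only the request carrying the session's own token passes the checked handler; the unchecked handler accepts all four.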