Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | ac1200_re018_firmware | v02.03.01.45_pt |
A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200, NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | re170_firmware | 2.1 |
| multilaser | re057_firmware | 2.2 |
| multilaser | re170_firmware | 2.2 |
| multilaser | re057_firmware | 2.1 |
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | re170_firmware | 2.2.6733 |
An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application by modifying an HTTP header.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | re163v_firmware | 12.03.01.10_pt |
| multilaser | re160v_firmware | 12.03.01.09_pt |
Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allow attackers to bypass the access control and gain complete access to the application by supplying a crafted URL.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | re163v_firmware | 12.03.01.08_pt |
| multilaser | re160v_firmware | 12.03.01.08_pt |
| multilaser | re160_firmware | 5.07.51_pt_mtl01 |
| multilaser | re160v_firmware | 12.03.01.09_pt |
| multilaser | re160_firmware | 5.07.52_pt_mtl01 |
An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application by supplying a crafted cookie.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| multilaser | re160_firmware | 5.07.51_pt_mtl01 |
| multilaser | re160_firmware | 5.07.52_pt_mtl01 |