CVE-2014-7281

Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
tendaa32_firmware
5.07.53_cn:_cn
tendaa32
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/show/osvdb/113308
http://packetstormsecurity.com/files/128671/Tenda-A32-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/34969
http://osvdb.org/show/osvdb/113308
http://packetstormsecurity.com/files/128671/Tenda-A32-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/34969