CVE-2017-11646

EUVD-2017-3258
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
netcomm4gt101w_software
1.1.8.8
netcomm4gt101w_bootloader
1.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html
https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html