CVE-2020-13620

EUVD-2020-5864
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
fastwebfastgate_gpon_fga2130fwb_firmware
𝑥
≤ 2020-05-26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lucadidomenico.medium.com/fastgate-gpon-cross-site-request-forgery-cve-2020-13620-e279f3fbaee4
https://members.backbox.org/fastgate-gpon-cross-site-request-forgery/
https://lucadidomenico.medium.com/fastgate-gpon-cross-site-request-forgery-cve-2020-13620-e279f3fbaee4
https://members.backbox.org/fastgate-gpon-cross-site-request-forgery/