CVE-2020-13620

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
fastwebfastgate_gpon_fga2130fwb_firmware
𝑥
≤ 2020-05-26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://lucadidomenico.medium.com/fastgate-gpon-cross-site-request-forgery-cve-2020-13620-e279f3fbaee4
https://members.backbox.org/fastgate-gpon-cross-site-request-forgery/
https://lucadidomenico.medium.com/fastgate-gpon-cross-site-request-forgery-cve-2020-13620-e279f3fbaee4
https://members.backbox.org/fastgate-gpon-cross-site-request-forgery/