Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote malicious users to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
a-link wl54ap2 1.2.4 |
||
a-link wl54ap2 1.2.5 |
||
a-link wl54ap2 1.2.6 |
||
a-link wl54ap2 1.2.7 |
||
a-link wl54ap2 1.2.8 |
||
a-link wl54ap2 1.2.0 |
||
a-link wl54ap2 1.2.1 |
||
a-link wl54ap2 1.2.9 |
||
a-link wl54ap2 1.4.0 |
||
a-link wl54ap2 1.2.2 |
||
a-link wl54ap2 1.2.3 |
||
a-link wl54ap2 |
||
a-link wl54ap3 1.2.0 |
||
a-link wl54ap3 1.2.1 |
||
a-link wl54ap3 1.2.8 |
||
a-link wl54ap3 1.2.9 |
||
a-link wl54ap3 1.2.2 |
||
a-link wl54ap3 1.2.3 |
||
a-link wl54ap3 1.2.4 |
||
a-link wl54ap3 1.2.5 |
||
a-link wl54ap3 1.4.0 |
||
a-link wl54ap3 |
||
a-link wl54ap3 1.2.6 |
||
a-link wl54ap3 1.2.7 |