
CVE-2020-23585

Published: 23/11/2022 Updated: 23/11/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for "mgm_config_file.asp", which lets an attacker create a crafted CSRF form that sends malicious XML data to "/boaform/admin/formMgmConfigUpload". The exploit allows a malicious user to gain full privileges and to fully compromise the router and network.


Vulnerable Product

optilinknetwork op-xt71000n_firmware 3.3.1-191028

Github Repositories

CVE-2020-23585 cross-site request forgery (CSRF) attack on "OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028"