Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2020-23585

Published: 23/11/2022 Updated: 23/11/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Subscribe to Optilinknetwork

Vulnerability Summary

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows malicious user to "gain full privileges" and to "fully compromise of router & network".

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

optilinknetwork op-xt71000n_firmware 3.3.1-191028

Github Repositories

CVE-2020-23585 cross-site request forgery (CSRF) attack on "OPTILINK OP-XT71000N Hardware Version: V22 , Firmware Version: OP_V331-191028"

CVE-2020-23585 A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V22 , Firmware Version: OP_V331-191028 The vulnerability is due to insufficient CSRF protections for the "mgm_config_fileasp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data&qu

References

CWE-352https://github.com/huzaifahussain98/CVE-2020-23585https://github.com/huzaifahussain98/CVE-2020-23585https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
file inclusionCVE-2021-41144CVE-2022-34689CVE-2023-22242CVE-2023-22322XML injectionCVE-2022-39811CVE-2022-31711buffer overflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook