CVE-2021-25327

Published: 09/04/2021 | Updated: 04/05/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS).

Vulnerable Product

skyworthdigital rn510_firmware 3.1.0.4

Mailing Lists

Shenzhen Skyworth RN510 suffers from cross site request forgery and cross site scripting vulnerabilities ...
Overview
========
Title:- Authenticated XSRF in RN510 Mesh Extender
CVE-ID :- CVE-2021-25327
Author: Kaustubh G Padwad
Vendor: Shenzhen Skyworth Digital Technology Company Ltd (www.skyworthdigital.com/products)
Products:
1. RN510 with firmware V3.1.0.4 (Tested and verified)
Potential
2. RN620 with respective firmware or be ...

Github Repositories

CVE-2021-25327
Proof-of-Concept (PoC) script to exploit CVE-2021-25327

Usage
Achieves exploitation of CVE-2021-25327

    chmod +x CVE-2021-25327.sh
    ./CVE-2021-25327.sh -c <TargetIP>
    ./CVE-2021-25327.sh -l <ListoFIPs>