devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery

Discussion in 'News Aggregator' started by Packet Storm, 5 Feb 2019.

  1. Packet Storm

    Packet Storm Guest

    devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
