Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6823

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-6823
Last Modified 11 Jun 2009 12:00:00
Published 04 Jun 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6823

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface on the A-LINK WL54AP3 and WL54AP2 access points before firmware 1.4.2-eng1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify the network configuration via certain parameters to goform/formWanTcpipSetup or (2) modify credentials via certain parameters to goform/formPasswordSetup.

Vulnerable Systems


References

MISC - http://www.louhinetworks.fi/advisory/alink_081028.txt

XF - wl54ap3-wl54ap2-interface-csrf(46256)

XF - wl54ap3-wl54ap2-domain-name-xss(46255)

BID - 32008

BUGTRAQ - 20081031 A-Link WL54AP3 and WL54AP2 CSRF+XSS vulnerability

OSVDB - 49465

MILW0RM - 6899

CONFIRM - http://www.a-link.com/WL54AP3.html

SECUNIA - 32421

OSVDB - 49466


Last Updated: 27 May 2016 10:49:21