devolo dLAN 550 duo+ 3.1.0-1 Starter Kit Cross-Site Request Forgery

Posted on 05 February 2019

devolo dLAN 550 duo+ version 3.1.0-1 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. The devolo web application uses predictable URL/form actions in a repeatable way. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
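
The kind of validity check the advisory finds missing can be sketched as follows. This is an added example, not devolo's code and not part of the original advisory: a per-session anti-CSRF token combined with an Origin/Referer check. The function names, the csrf_token form field and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed stand-in for a secret held only by the web application.
SERVER_KEY = secrets.token_bytes(32)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(session_id: str, nonce: str) -> str:
    data = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token placed in each form: unpredictable and bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    nonce, sep, digest = token.partition(".")
    if not sep or not nonce or not digest:
        return False
    return hmac.compare_digest(_mac(session_id, nonce).encode(), digest.encode())


def same_origin(headers: dict, expected_host: str) -> bool:
    """Accept only requests whose Origin (or Referer) names our own host."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    return urlsplit(source).netloc.lower() == expected_host.lower()


def request_is_allowed(method, headers, session_id, form, expected_host):
    """Run before any admin action. Assumes GET handlers never change state."""
    if method.upper() not in STATE_CHANGING:
        return True
    if not same_origin(headers, expected_host):
        return False
    return token_is_valid(session_id, form.get("csrf_token", ""))
```

With both checks in place, a request forged from another site fails even when the URL and form fields are predictable, because the foreign page can neither read the session-bound token nor set the Origin header.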
