CVE-2021-32403

CVE Database · CVE-2021-32403

CVE-2021-32403

· HIGHModified

CVSS v3.1

8.8

EPSS

2.47%

Published

May 17, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

Exploit-DBIntelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-352

Affected Products (2)

intelbras · rf_301k_firmwarevulnerable

intelbras · rf_301k

References (4)

http://packetstormsecurity.com/files/163023/Intelbras-Router-RF-301K-Cross-Site-Request-Forgery.html

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=1Ed-2xBFG3M

ExploitThird Party Advisory

http://packetstormsecurity.com/files/163023/Intelbras-Router-RF-301K-Cross-Site-Request-Forgery.html

ExploitThird Party AdvisoryVDB Entry

https://www.youtube.com/watch?v=1Ed-2xBFG3M

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs