Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23585

Nov. 23, 2022, 1:15 a.m. |

National Vulnerability Database nist.gov

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".

cve

Senior Cloud Security Engineer

@ HelloFresh | Berlin, Germany

Senior Security Engineer

@ Reverb | Remote, US

I.S. Security Analyst

@ YVFWC | Yakima, WA

Cybersecurity GRC Manager

@ Bitcoin Depot | Remote

Staff, Security Engineer (IT Infra Security Engineering)

@ Coupang | Seoul, South Korea

Principal DevSecOps Engineer (Remote)

@ Raft | Remote

Territory Account Manager - Cybersecurity - Baton Rogue

@ Optiv | Baton Rouge, LA

Analista de Segurança da Informação II (Application Security)

@ Loggi | São Paulo, State of São Paulo, Brazil - Remote

DevSecOps Solutions Architect Lead (AI/ML)

@ Rackner | United States

Senior Cryptography Engineer

@ Copper.co | Remote - UK and Europe

Security Research Manager

@ Nozomi Networks | Italy

Information Security Azure Expert (m/w/d)

@ Roland Berger | Munich, Germany