Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities in Huawei HiLink E3236 and E3276 Devices

CVE-2014-8331 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the authentication of administrators for requests that (1) change configuration settings or (2) use device functions.

Learn more about our Web App Pen Testing.