CSRF Vulnerability in PLDT SpeedSurf 504AN and Kasda KW58293 Devices

CSRF Vulnerability in PLDT SpeedSurf 504AN and Kasda KW58293 Devices

CVE-2015-5991 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings.

Learn more about our Network Penetration Testing.