Alice Gate2 Plus Wi-Fi Cross-Site Request Forgery Vulnerability


ercolino
28-01-2008, 17:08
Secunia Advisory: SA28618
Release Date: 2008-01-28

Critical: Less critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
Solution Status: Unpatched

OS: Alice Gate2 Plus Wi-Fi


Description:
WarGame/DoomRiderz has reported a vulnerability in Alice Gate2 Plus Wi-Fi, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site request forgery attacks.

The vulnerability is caused due to the device allowing users to perform certain actions via HTTP requests, without checking the validity of the request or proper authentication of the user sending the request. This can be exploited by malicious people to e.g. disable the encryption of the wireless network by tricking a user into visiting a malicious site.

Solution:
Visit trusted sites only. Use a firewall to restrict access to the affected device.


Security Bulletin (http://secunia.com/advisories/28618/)
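
The two checks the advisory says are missing (validity of the request and proper authentication of the sender), sketched as an added example; this is not code from the advisory or from the device's firmware. The request layout, the field names `sid`, `csrf_token` and `wifi_encryption`, and the address are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

def new_session(sessions):
    """Log an administrator in: returns (session id, per-session CSRF token)."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    sessions[sid] = token
    return sid, token

def authorize_state_change(req, sessions):
    """Decide whether a settings-changing request may proceed.

    req is a dict: method, headers (lower-case names), cookies, form.
    Returns (allowed, reason).
    """
    # Settings never change on GET, so a cross-site image or link load is inert.
    if req["method"] != "POST":
        return False, "method not allowed"
    # Proper authentication of the sender.
    expected = sessions.get(req["cookies"].get("sid", ""))
    if expected is None:
        return False, "not authenticated"
    # Validity, part 1: the request must come from the device's own pages.
    headers = req["headers"]
    source = headers.get("origin") or headers.get("referer")
    if not source or urlsplit(source).netloc != headers.get("host"):
        return False, "cross-site origin"
    # Validity, part 2: it must carry the token embedded in the device's own form.
    supplied = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "bad csrf token"
    return True, "ok"

# Constructed sample requests (hypothetical field names and address).
SESSIONS = {}
SID, TOKEN = new_session(SESSIONS)
HOST = "192.168.1.1"
LEGIT = {"method": "POST", "cookies": {"sid": SID},
         "headers": {"host": HOST, "origin": "http://" + HOST},
         "form": {"wifi_encryption": "wpa2", "csrf_token": TOKEN}}
# What a browser sends when a third-party page submits a form to the device:
# the cookie rides along, but the Origin differs and the token is unknown.
FORGED = {"method": "POST", "cookies": {"sid": SID},
          "headers": {"host": HOST, "origin": "http://other-site.example"},
          "form": {"wifi_encryption": "none"}}
```

Either validity check alone stops the forged request here; keeping both covers browsers that omit `Origin` and pages that leak the token.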