CVE-2020-23585

A remote attacker can conduct a cross-site request forgery (CSRF) attack on OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028. The vulnerability is due to insufficient CSRF protections for the «mgm_config_file.asp» because of which attacker can create a crafted «csrf form» which sends » malicious xml data» to «/boaform/admin/formMgmConfigUpload». the exploit allows attacker to «gain full privileges» and to «fully compromise of router & network».




twitter facebook youtube