HIGH🇵🇱 Wersja polska

CVE-2017-16886

CVSS 8.8v3.0pub. 2018-01-12upd. 2024-11-21

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Fiberhome Lm53q1

    HW
    Fiberhome
    wszystkie wersje
  • Fiberhome Lm53q1 Firmware

    OS
    Fiberhome
    vh519r05c01s38
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2017-16885CRITICAL9.8ten sam produkt

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining...

CVE-2017-16887CRITICAL9.8ten sam produkt

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order t...

CVE-2025-63353CRITICAL9.8PL ✓ten sam vendor

FiberHome HG6145F1 — przewidywalne domyślne hasło Wi-Fi na podstawie SSID

CVE-2021-27143CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded use...

CVE-2021-27141CRITICAL9.8ten sam vendor

An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are o...