CVE-2020-23586
OPTILINK E-PON "MODEL NO: OP-XT71000N" with "HARDWARE VERSION: V2.2"; & "FIRMWARE VERSION: OP_V3.3.1-191028"
vulnerability found in the "OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028"which allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.
TARGET
/net_qos_cls_edit.asp
Attack Vector
net_qos_cls_edit.asp allows to Add Network Traffic Control Type Rule and does not have sufficient CSRF protections.
REGARDS
Huzaifa Hussain