CSRF in Mikrotik Routeros

CVE-2015-2350

Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS 5.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request in the status pag…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (40.2th percentile) — read the EPSS interpretation.

Affected products

Mikrotik Routeros
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

73013 (vdb-entry, x_refsource_BID)
20150309 MikroTik RouterOS Admin Password Change CSRF (mailing-list, Exploit, x_refsource_FULLDISC)
cve@mitre.org (Exploit, x_refsource_MISC)