Medium severity4.3NVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026
CVE-2018-25151
CVE-2018-25151
Description
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <10.7.4
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.