CVE-2020-23582

Vulnerability

The /admin/wlmultipleap.asp endpoint in optilink OP-XT71000N firmware version OP_V3.3.1-191028 (hardware version V2.2) is vulnerable to cross-site request forgery (CSRF). An unauthenticated attacker can trick an authenticated administrator into performing unintended actions, such as creating multiple WLAN BSSIDs, without their consent [1].

Exploitation

An attacker needs to craft a malicious web page or link that, when visited by an authenticated administrator, triggers a forged HTTP request to /admin/wlmultipleap.asp. The request is automatically sent with the administrator's cookies, allowing the attacker to create arbitrary WLAN BSSIDs on the device [1].

Impact

Successful exploitation allows the attacker to create multiple WLAN BSSIDs on the device, potentially leading to network configuration changes, denial of service, or unauthorized network access. The attacker does not need authentication credentials to execute the CSRF attack, but the victim must have an active session [1].

Mitigation

As of the latest available information, no official patch has been released by optilink. Users are advised to implement general CSRF protections, such as using anti-CSRF tokens or ensuring the administration interface is only accessible over trusted networks. The device may be end-of-life; consider replacing it with a supported alternative [1].