CVE-2020-23593
Description
A vulnerability in OPTILINK OP-XT71000N (Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028) allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to enable syslog mode through '/mgm_log_cfg.asp'. The system then starts to log events; in 'Remote' mode or 'Both' mode on the "Syslog -- Configuration" page, it logs events and sends them to the remote syslog server IP and port.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CSRF flaw in the OPTILINK OP-XT71000N allows an unauthenticated remote attacker to enable syslog mode and have logs sent to an attacker-controlled server.
Vulnerability
The OPTILINK OP-XT71000N router with Hardware Version V2.2 and Firmware Version OP_V3.3.1-191028 contains a cross-site request forgery (CSRF) vulnerability in the /mgm_log_cfg.asp endpoint. An unauthenticated remote attacker can exploit this to enable syslog mode without the administrator's consent [1].
Exploitation
The attacker crafts a malicious web page or link that, when visited by an authenticated administrator, triggers a CSRF request to /mgm_log_cfg.asp. This request changes the syslog configuration to 'Remote' or 'Both' mode, causing the device to send log events to a remote syslog server specified by the attacker (IP and port). No authentication is required for the CSRF attack itself, but the administrator must be logged into the router's web interface [1].
Impact
Successful exploitation allows the attacker to receive sensitive system logs from the router, potentially including information about network activity, authentication attempts, and other events. This constitutes an information disclosure vulnerability [1].
Mitigation
As of the publication date (2022-11-23), no official patch or firmware update has been released by OPTILINK to address this CSRF vulnerability. Users should consider restricting access to the router's management interface, using strong passwords, and monitoring for suspicious activity. Alternatively, disabling the web interface or using a VPN may reduce exposure [1].
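The monitoring suggested above can key on the syslog traffic itself. The following is an added example, not part of the CVE record or any vendor material: because the remote server's port is configurable along with its IP, it matches the syslog `<PRI>` header in traffic leaving the router instead of filtering on port 514. The router address, the approved-collector list, the record format (source, destination, port, first payload bytes) and the sample records are all constructed assumptions.

```python
import re
from ipaddress import ip_address

# Syslog messages start with a priority header "<PRI>",
# where PRI = facility * 8 + severity, so valid values are 0..191.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def is_syslog_payload(payload: bytes) -> bool:
    m = PRI_RE.match(payload)
    return bool(m) and int(m.group(1)) <= 191

def find_unapproved_syslog(records, router_ip, approved_collectors):
    """Return unique (dst, dport) pairs that receive syslog from the router
    but are not on the approved collector list."""
    router = ip_address(router_ip)
    approved = {(ip_address(ip), port) for ip, port in approved_collectors}
    hits = []
    for rec in records:
        if ip_address(rec["src"]) != router:
            continue  # only traffic originated by the router is relevant
        if not is_syslog_payload(rec["payload"]):
            continue  # destination port is ignored on purpose: it is configurable
        if (ip_address(rec["dst"]), rec["dport"]) in approved:
            continue
        hit = (rec["dst"], rec["dport"])
        if hit not in hits:
            hits.append(hit)
    return hits

# Constructed sample data (assumptions, not taken from the CVE record).
ROUTER_IP = "192.168.1.1"
APPROVED = [("192.168.1.50", 514)]
SAMPLE_RECORDS = [
    {"src": "192.168.1.1", "dst": "192.168.1.50", "dport": 514,
     "payload": b"<134>Jan  1 00:00:10 router: link up"},
    {"src": "192.168.1.1", "dst": "203.0.113.7", "dport": 5514,
     "payload": b"<134>Jan  1 00:00:11 router: admin login"},
    {"src": "192.168.1.1", "dst": "198.51.100.9", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01"},  # DNS query, not syslog
    {"src": "192.168.1.20", "dst": "203.0.113.7", "dport": 5514,
     "payload": b"<134>Jan  1 00:00:12 host: test"},  # not from the router
    {"src": "192.168.1.1", "dst": "203.0.113.7", "dport": 5514,
     "payload": b"<134>Jan  1 00:00:13 router: dhcp lease"},  # duplicate destination
]

if __name__ == "__main__":
    for dst, dport in find_unapproved_syslog(SAMPLE_RECORDS, ROUTER_IP, APPROVED):
        print(f"ALERT: router sends syslog to unapproved collector {dst}:{dport}")
```

An alert here on a device where remote logging was never configured by the administrator is a reason to review the "Syslog -- Configuration" page.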
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- OPTILINK/OP-XT71000N
- Range: = OP_V3.3.1-191028
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
No linked articles in our index yet.