CVE-2021-40518

Vulnerability

Airangel HSMX Gateway devices through version 5.2.04 are vulnerable to Cross-Site Request Forgery (CSRF) in the web management interface. The vulnerability allows an attacker to trick an authenticated administrator into executing unintended actions. Affected versions include all firmware releases up to and including 5.2.04 [1].

Exploitation

An attacker must craft a malicious link or page that, when visited by an authenticated administrator, triggers a request to the HSMX Gateway's web interface. No special network position is required beyond the ability to deliver the payload (e.g., via email or a compromised website). The attacker does not need authentication themselves. The CSRF token is missing or improperly validated, enabling the attack.

Impact

Successful exploitation allows the attacker to perform any action the administrator can, such as modifying gateway configuration, adding users, or changing network settings. This could lead to full compromise of the gateway and potentially the network it manages.

Mitigation

As of the publication date (2021-11-10), no official patch or workaround has been disclosed in the available references. Users should monitor Airangel's website for updates. If possible, restrict access to the management interface to trusted IPs and ensure administrators are aware of CSRF risks.