Vulnerability Details CVE-2022-45724
Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2022-45724
-
cpe:2.3:h:comfast:cf-wr610n:-
-
cpe:2.3:o:comfast:cf-wr610n_firmware:2.3.1