OPTILINK E-PON, Model No: OP-XT71000N, Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028
A vulnerability in the OPTILINK OP-XT71000N (Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028) allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack that enables syslog mode through '/mgm_log_cfg.asp'. Once syslog is enabled, the system starts to log events; in 'Remote' mode or 'Both' mode on the "Syslog -- Configuration" page, the device logs events and sends them to the configured remote syslog server IP and port.
TARGET
/mgm_log_cfg.asp
Attack Vector
A CSRF attack enables syslog mode through '/mgm_log_cfg.asp', after which the device sends logged events to a remote syslog server IP and port.
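
A server-side check that would reject the forged request described above, as an added example (not OPTILINK firmware code and not part of the original advisory). The function names, the `csrf_token` field and the device origin used in the demo are assumptions for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

PROTECTED_PATHS = {"/mgm_log_cfg.asp"}  # configuration page named in the advisory
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def issue_token(secret: bytes, session_id: str) -> str:
    """Derive a per-session anti-CSRF token (HMAC-SHA256 over the session id)."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()

def _origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port]; empty string if it is not a URL."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""
    if not (parts.scheme and parts.netloc):
        return ""  # covers missing headers and the literal "null" origin
    return f"{parts.scheme}://{parts.netloc}".lower()

def allow_request(method, path, headers, form, session_id, secret, device_origin):
    """Return (allowed, reason) for one request to the management interface.

    `form` holds the parsed query/body parameters; `csrf_token` is a
    hypothetical hidden field the configuration page would embed.
    """
    # A parameterless GET only renders the page; anything else is a change.
    if path not in PROTECTED_PATHS or (method.upper() in SAFE_METHODS and not form):
        return True, "not a state-changing request to a protected page"
    if not session_id:
        return False, "no authenticated session"
    # 1. Source check: Origin, falling back to Referer. Missing both is rejected.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if _origin_of(source) != device_origin.lower():
        return False, "cross-origin or missing Origin/Referer"
    # 2. Token check: must equal the token bound to this session (constant time).
    expected = issue_token(secret, session_id)
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    secret, sid, origin = b"constructed-secret", "sess-1", "http://192.168.1.1"
    forged = allow_request("POST", "/mgm_log_cfg.asp",
                           {"Origin": "http://other.example"}, {}, sid, secret, origin)
    print(forged)  # rejected: the request did not come from the device's own pages
```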
REGARDS
Huzaifa Hussain