The web interface of this router is affected by multiple CSRF vulnerabilities that allow the following device parameters to be changed:
- Disable MAC Filtering
- Disable/Modify IP/Port Filtering
- Disable/Modify Port Forwarding
- Disable/Modify Wireless Access Control
- Disable Wi-Fi Protected Setup
- Disable/Modify URL Blocking Filter
- Disable/Modify Domain Blocking Filter
- Disable/Modify IP Address ACL
- Change Wireless Passphrase
- Enable/Modify Remote Access (also on WAN interface)
To view my Original Advisory:
Sitecom WLM-2501 new Multiple CSRF Vulnerabilities
MITRE CVE Numbering Authority assigned me CVE-2012-1921 and CVE-2012-1922 for these vulnerabilities.
Other related publications:
Secunia Advisory SA48840
Inj3ct0r
Packet Storm
Offensive Security DB
Security Focus
IBM X-Force
OSVDB
http://packetstormsecurity.org/files/111941/Secunia-Security-Advisory-48840.html