Vulnerability Note VU#525276
Philippine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 contain multiple vulnerabilities
The Phillipine Long Distance Telephone (PLDT) company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected.
PLDT provides SpeedSurf 504AN, firmware version GAN9.8U26-4-TX-R6B018-PH.EN, and the Kasda KW58293, to customers for internet access. These devices contains multiple vulnerabilities.
CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2015-5991
A remote attacker may utilize these credentials to gain administrator access to the device. A remote attacker may also be able to cause a denial of service.
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Philippine Long Distance Telephone||Affected||02 Jun 2015||28 Aug 2015|
CVSS Metrics (Learn More)
Thanks to Eskie Cirrus James Maquilang for reporting this vulnerability to us.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-5991 CVE-2015-5992 CVE-2015-5993
- Date Public: 31 Aug 2015
- Date First Published: 31 Aug 2015
- Date Last Updated: 17 Apr 2016
- Document Revision: 51
If you have feedback, comments, or additional information about this vulnerability, please send us email.