Web Caster V130 Cross-Site Request Forgery Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Web Caster V130 routers, specifically in firmware versions through 1.08. This vulnerability allows an attacker to manipulate the device's settings without the user's consent. The issue arises when a logged-in user is tricked into viewing a malicious page, which can then send unauthorized requests to the router's web interface.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in the router's configuration.

Remediation

Users can update the firmware to the latest version. For those with the 'manual update' option selected, the latest firmware can be downloaded from the NTT West or NTT East support websites. The default setting for firmware updates is 'automatic', which will update the device to the latest version without user intervention.