[原文]Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
NTT Docomo L-04D Mobile WiFi Router is prone to a cross-site request forgery vulnerability because it fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Updates are available. Please see the references or vendor advisory for more information.