PatchSiren

CVE-2017-6127 Digisol CVE debrief

CVE-2017-6127 is a high-severity cross-site request forgery issue in the DIGISOL DG-HR1400 Wireless Router web access portal. According to the CVE record, crafted requests to form2WlanBasicSetup.cgi can be used to hijack an authenticated administrator’s session and change wireless settings such as the SSID or Wi‑Fi password. Because the vulnerability is network-reachable and requires only user interaction from a logged-in administrator, it is especially important to treat exposed router admin interfaces as sensitive assets.

Vendor: Digisol
Product: CVE-2017-6127
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-21
Original CVE updated: 2026-05-13
Advisory published: 2017-02-21
Advisory updated: 2026-05-13

Who should care

Organizations or individuals using DIGISOL DG-HR1400 Wireless Router firmware 1.00.02, especially anyone exposing the router’s web admin portal beyond a trusted management network. Network defenders, SOHO administrators, and incident responders should care if administrators can browse the internet while logged in to the device.

Technical summary

NVD records CVE-2017-6127 as a CSRF weakness (CWE-352) affecting DIGISOL DG-HR1400 firmware 1.00.02, with CVSS 3.0 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (8.8). The issue is described as multiple CSRF vulnerabilities in the access portal, where crafted requests to form2WlanBasicSetup.cgi can change SSID and Wi‑Fi password, with possible additional unspecified impact. The attack pattern depends on an authenticated administrator being induced to submit a malicious request while logged in.

Defensive priority

High

Recommended defensive actions

  • Confirm whether any DIGISOL DG-HR1400 devices are running firmware 1.00.02 and inventory where the admin portal is reachable.
  • Restrict router administration to trusted management networks and avoid exposing the web portal to the internet.
  • Prevent administrators from using untrusted web content while logged in to the router admin interface.
  • Check Digisol support for a firmware release that addresses this issue; if no fixed firmware is available, isolate, harden, or replace affected devices.
  • Review wireless configuration change logs and administrative activity for unexpected SSID or password changes.
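One way to support the activity review above when HTTP proxy or sensor logs are available: flag requests to form2WlanBasicSetup.cgi that were not submitted from the router's own pages. This is an added example, not code from the CVE record or from Digisol; the combined-log-style format, the router address 192.168.1.1, and the sample lines are assumptions constructed for illustration, and the check matches any HTTP method because the record does not state one.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the CVE record; hosts, log format and samples are assumptions.
TARGET_PATH = "/form2WlanBasicSetup.cgi"
ROUTER_HOSTS = {"192.168.1.1"}  # assumed router management address

# Combined-log-style proxy line: client, time, request line, status, size, Referer.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def classify(line, router_hosts=ROUTER_HOSTS):
    """Return a finding for a request to the endpoint not sent from the router's own pages."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    if url.hostname not in router_hosts or url.path != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "missing-referer"        # origin cannot be confirmed; review manually
    elif urlsplit(referer).hostname in router_hosts:
        return None                       # submitted from the admin portal itself
    else:
        reason = "cross-origin-referer"   # a page on another host triggered the request
    return {"client": m["client"], "time": m["ts"], "method": m["method"],
            "referer": referer, "reason": reason}

def scan(lines, router_hosts=ROUTER_HOSTS):
    """Classify every line and keep only the findings."""
    return [f for f in (classify(l, router_hosts) for l in lines) if f]

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2017:10:00:01 +0000] "POST http://192.168.1.1/form2WlanBasicSetup.cgi HTTP/1.1" 200 512 "http://192.168.1.1/" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Mar/2017:10:07:44 +0000] "POST http://192.168.1.1/form2WlanBasicSetup.cgi HTTP/1.1" 200 512 "http://forum.example.test/thread/42" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Mar/2017:11:15:20 +0000] "POST http://192.168.1.1/form2WlanBasicSetup.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Mar/2017:11:16:02 +0000] "GET http://192.168.1.1/status.htm HTTP/1.1" 200 1024 "http://forum.example.test/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding is a lead for correlation with SSID or password changes around the same time, not proof of compromise, since privacy settings and some clients strip the Referer header.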

Evidence notes

All substantive claims are taken from the supplied CVE/NVD corpus. The CVE description states that the access portal on DIGISOL DG-HR1400 Wireless Router firmware 1.00.02 has multiple CSRF vulnerabilities affecting SSID and Wi‑Fi password changes via form2WlanBasicSetup.cgi. NVD maps the weakness to CWE-352 and assigns CVSS 3.0 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (8.8). The supplied metadata also lists references to a Full Disclosure post, SecurityFocus BID 96369, and a Google Drive third-party advisory/exploit reference. The CVE published date is 2017-02-21; the 2026-05-13 modified date reflects a record update, not the original vulnerability date.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-21. The record was later modified on 2026-05-13; that date should be treated as a metadata update, not the vulnerability’s disclosure date.