CVEs-PoC/2020/CVE-2020-16208.md

### [CVE-2020-16208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16208)
![](https://img.shields.io/static/v1?label=Product&message=N-Tron%20702-W%20%2F%20702M12-W&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CROSS-SITE%20REQUEST%20FORGERY%20(CSRF)%20CWE-352&color=brighgreen)

### Description

The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).

### POC

#### Reference
- http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
- http://seclists.org/fulldisclosure/2020/Sep/6

#### Github
- https://github.com/404notf0und/CVE-Flow