Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Lifecycle Timeline
7DescriptionCVE.org
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
AnalysisAI
A CSRF vulnerability in A CSRF vulnerability in the Link Aggregation configuration interface (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerability requiring prompt remediation.
Technical ContextAI
CWE-352 (Cross-Site Request Forgery). CVSS 7.1 indicates high severity. Affects A CSRF vulnerability in the Link Aggregation configuration interface.
RemediationAI
Monitor vendor channels for patch availability.
More in Fl Switch 2005
View allArbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling
A cross-site scripting vulnerability (CVSS 7.1) that allows an unauthenticated remote attacker. High severity vulnerabil
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.
A buffer overflow vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.
Denial of service in Stack Overflow and Fl networking devices results from a stack-based buffer overflow in the file ins
A buffer overflow vulnerability (CVSS 4.9) that allows a high-privileged attacker. Remediation should follow standard vu
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12794