# Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery (Add Superuser)
# Date: 2018-05-21
# Vendor: Ecessa Corporation
# Product web page: https://www.ecessa.com
# Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24
# Summary: Ecessa's ShieldLink 60, 175, 600, 1200 & 4000 are advanced, yet highly
# affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN
# link.
# Desc: The application interface allows users to perform certain actions via
# HTTP requests without performing any validity checks to verify the requests.
# This can be exploited to perform certain actions with administrative privileges
# if a logged-in user visits a malicious web site.
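# Added example (not part of the original advisory and not Ecessa's code): the kind of validity check the description says is missing, written as a same-origin test plus a per-session token test on state-changing requests.
# The trusted origin, the function names and the csrf_token field are assumptions, and the sample requests are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: origin of the management interface (constructed documentation address).
TRUSTED_ORIGIN = "https://192.0.2.10"
# These methods must never change state, otherwise the checks below are bypassed.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def new_csrf_token() -> str:
    """Random per-session token, kept server-side and embedded in every form."""
    return secrets.token_urlsafe(32)


def same_origin(value: str) -> bool:
    """True when an Origin/Referer value matches the trusted scheme, host and port."""
    got, want = urlsplit(value), urlsplit(TRUSTED_ORIGIN)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def check_request(method: str, headers: dict, form: dict, session_token: str):
    """Return (allowed, reason) for a request that already carries a valid session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # A browser attaches the session cookie to cross-site requests too, so the
    # cookie alone proves nothing about where the request was built.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not same_origin(source):
        return False, "cross-origin or missing Origin/Referer"
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    token = new_csrf_token()
    # Constructed requests: one submitted from another site, one from the UI itself.
    forged = ("POST", {"Origin": "https://other-site.example"}, {"user": "new"})
    genuine = ("POST", {"Origin": TRUSTED_ORIGIN}, {"user": "new", "csrf_token": token})
    for name, (method, headers, form) in (("forged", forged), ("genuine", genuine)):
        print(name, check_request(method, headers, form, token))
```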