Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.

Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.