exploitDog

GHSA-38q3-97f6-wg52

Опубликовано: 03 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

Ссылки

EPSS

Процентиль: 20%

0.00063

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-27579

CVSS3: 5.4

nvd

11 месяцев назад

In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

EPSS

Процентиль: 20%

0.00063

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352