Описание
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:jantek:jtc-200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:jantek:jtc-200:-:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00072
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8
github
больше 3 лет назад
A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request.
EPSS
Процентиль: 22%
0.00072
Низкий
8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-352