exploitDog

CVE-2018-25151

Опубликовано: 24 дек. 2025

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.

Ссылки

EPSS

Процентиль: 3%

0.00016

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-3fjq-mm23-rr9w

CVSS3: 4.3

github

около 1 месяца назад

Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.

EPSS

Процентиль: 3%

0.00016

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352