Описание
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
Ссылки
- Exploit
- Product
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:teradek:slice_firmware:7.3.15:build31735:*:*:*:*:*:*
cpe:2.3:h:teradek:slice:2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.00018
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.3
github
около 1 месяца назад
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
EPSS
Процентиль: 4%
0.00018
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-352