exploitDog

CVE-2019-20071

Опубликовано: 30 дек. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 5.8

EPSS Низкий

Описание

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

Ссылки

https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc
Exploit
Third Party Advisory
https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk
Exploit
Third Party Advisory
https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html
Exploit
Third Party Advisory
https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc
Exploit
Third Party Advisory
https://drive.google.com/open?id=1p4HJ5C20TqY0rVNffdD5Zd7S_bGvDhnk
Exploit
Third Party Advisory
https://fatihhcelik.blogspot.com/2019/12/csrf-vulnerability-on-clean-log-netis.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netis-systems:dl4343_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netis-systems:dl4343:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00198

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-93cj-47jp-pmx5

github

больше 3 лет назад

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

EPSS

Процентиль: 42%

0.00198

Низкий

6.5 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-352