Описание
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.0 (исключая)
Одновременно
cpe:2.3:o:miele:xgw_3000_zigbee_gateway_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:miele:xgw_3000_zigbee_gateway:-:*:*:*:*:*:*:*
EPSS
Процентиль: 55%
0.00321
Низкий
4.6 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.
EPSS
Процентиль: 55%
0.00321
Низкий
4.6 Medium
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352