Описание
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
Ссылки
- Exploit
- Product
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:teradek:vidiu_pro_firmware:2.4.10:*:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.2:build31225:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.3:build32136:*:*:*:*:*:*
cpe:2.3:h:teradek:vidiu_pro:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:teradek:vidiu_firmware:2.4.10:*:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_firmware:3.0.2:build31225:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_firmware:3.0.3:build32136:*:*:*:*:*:*
cpe:2.3:h:teradek:vidiu:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
Одно из
cpe:2.3:o:teradek:vidiu_mini_firmware:2.4.10:*:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.2:build31225:*:*:*:*:*:*
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.3:build32136:*:*:*:*:*:*
cpe:2.3:h:teradek:vidiu_mini:-:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00007
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.3
github
около 1 месяца назад
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
EPSS
Процентиль: 0%
0.00007
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-352