Описание
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.
Ссылки
- Product
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:kyocera:net_admin:3.4.0906:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00007
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 5.3
github
около 1 месяца назад
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.
EPSS
Процентиль: 0%
0.00007
Низкий
8.8 High
CVSS3
Дефекты
CWE-352