Описание
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:zxhn_h168n_firmware:3.5.0_eg1t5_te:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_h168n:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:zte:zxhn_h108n_firmware:2.5.5_btmt1:*:*:*:*:*:*:*
cpe:2.3:h:zte:zxhn_h108n:-:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.0012
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Some ZTE products have CSRF vulnerability. Because some pages lack CSRF random value verification, attackers could perform illegal authorization operations by constructing messages.This affects: ZXHN H168N V3.5.0_EG1T5_TE, V2.5.5, ZXHN H108N V2.5.5_BTMT1
EPSS
Процентиль: 31%
0.0012
Низкий
6.5 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-330