Описание
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:zte:mf971r_firmware:v1.0.0b05:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:zte:mf971r_firmware:1v1.0.0b06:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:zte:mf971r_firmware:2v1.0.0b03:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:zte:mf971r_firmware:s2v1.0.0b03:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:zte:mf971r_firmware:sv1.0.0b05:*:*:*:*:*:*:*
cpe:2.3:h:zte:mf971r:*:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.40585
Средний
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click.
EPSS
Процентиль: 97%
0.40585
Средний
4.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-352