Описание
A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:sztozed:zlt_s10g_firmware:3.11.6:*:*:*:*:*:*:*
cpe:2.3:h:sztozed:zlt_s10g:-:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00105
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.
EPSS
Процентиль: 29%
0.00105
Низкий
8.8 High
CVSS3
Дефекты
CWE-352