exploitDog

CVE-2024-45372

Опубликовано: 26 сент. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

Ссылки

https://jvn.jp/en/jp/JVN81966868/
Third Party Advisory
https://www.planex.co.jp/support/download/mzk-dp300n/
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:planex:mzk-dp300n_firmware:*:*:*:*:*:*:*:*

Версия до 1.04 (включая)

cpe:2.3:h:planex:mzk-dp300n:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00095

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-37jm-q7wj-f2wc

CVSS3: 6.5

github

больше 1 года назад

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

EPSS

Процентиль: 27%

0.00095

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

CWE-352