exploitDog

CVE-2025-2863

Опубликовано: 28 мар. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:arteche:satech_bcu_firmware:2.1.3:*:*:*:*:*:*:*

cpe:2.3:h:arteche:satech_bcu:-:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00026

Низкий

7.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-hprf-f9v4-9r3r

CVSS3: 7.8

github

11 месяцев назад

Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.

EPSS

Процентиль: 7%

0.00026

Низкий

7.8 High

CVSS3

Дефекты

CWE-352