CVE-2018-25151
Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Ecessa Corporation · WANWorx WVR-30Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →