← back
CVE-2019-25252

Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change

CVSS 5.1 MEDIUMEPSS 0.2%CWE-352
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Teradek · VidiU Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/44671https://www.teradek.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php