← volver
CVE-2019-25252

Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change

CVSS 5.1 MEDIUMEPSS 0.2%CWE-352
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Teradek · VidiU Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/44671https://www.teradek.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php