← voltar
CVE-2019-25252

Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change

CVSS 5.1 MEDIUMEPSS 0.2%CWE-352
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Teradek · VidiU Pro

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/44671https://www.teradek.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php