PT-2011-5136 · Homeseer · Homeseer Hs2
Silent Dream
·
Publicado
2011-12-15
·
Atualizado
2011-12-15
·
CVE-2011-4837
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
HomeSeer HS2 version 2.5.0.20
Description
A cross-site request forgery issue exists in the web interface of HomeSeer HS2, specifically in the /ctrl endpoint, allowing remote attackers to hijack admin authentication for requests that execute arbitrary programs.
Recommendations
For HomeSeer HS2 version 2.5.0.20, consider disabling access to the /ctrl endpoint in the web interface until a patch is available to prevent exploitation of this issue.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Homeseer Hs2