PT-2017-8552 · Lg · L-04D
Atsuo Sakurai
·
Publicado
2017-05-22
·
Atualizado
2017-05-31
·
CVE-2016-4854
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
L-04D firmware versions V10a through V10b
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators, enabling them to perform arbitrary operations. The exact vectors used for exploitation are not specified.
Recommendations
For L-04D firmware versions V10a and V10b, consider implementing additional authentication checks to prevent CSRF attacks, such as token-based validation, until a patched version is available.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
L-04D