CVE-2018-6408

Name of the Vulnerable Software and Affected Versions Conceptronic CIPCAMPTIWL V3 version 0.61.30.21

Description An issue exists where CSRF is present in the "hy-cgi/user.cgi" API endpoint, allowing actions such as changing an administrator password or adding a new administrator account.

Recommendations For Conceptronic CIPCAMPTIWL V3 version 0.61.30.21, as a temporary workaround, consider restricting access to the "hy-cgi/user.cgi" API endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.