PT-2023-19977 · Multitech · Multitech Conduit Ap Mtcap2-L4E1

Publicado

2023-07-07

Atualizado

2023-07-17

CVE-2023-25201

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A version 6.0.0

Description A Cross Site Request Forgery (CSRF) issue allows a remote attacker to execute arbitrary code via a crafted script upload. This can lead to unauthorized actions on the affected system.

Recommendations For version 6.0.0, consider disabling script uploads until a patch is available to prevent exploitation of the CSRF issue. Restrict access to the affected system to minimize the risk of remote code execution.

Exploit

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-25201

Produtos afetados

Multitech Conduit Ap Mtcap2-L4E1

PT-2023-19977 · Multitech · Multitech Conduit Ap Mtcap2-L4E1

CVE-2023-25201

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5