Shaunography

#47013 of 53,624
5.4 Total CVSS
Vulnerabilities · 1
PT-2025-9235
5.4
2025-03-02
Bitaxe · Bitaxe Esp-Miner · CVE-2025-27579
**Name of the Vulnerable Software and Affected Versions**

Bitaxe ESP-Miner versions prior to 2.5.0

**Description**

The issue allows an attacker to perform a CSRF attack via the "/api/system" API endpoint to update the payout address, also known as `stratumUser`, for a Bitaxe Bitcoin miner. Additionally, it enables changes to the frequency and voltage settings.

**Recommendations**

For versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/system" API endpoint to minimize the risk of exploitation.