PT-2017-8552 · Lg · L-04D
Atsuo Sakurai
·
Published
2017-05-22
·
Updated
2017-05-31
·
CVE-2016-4854
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
L-04D firmware versions V10a through V10b
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators, enabling them to perform arbitrary operations. The exact vectors used for exploitation are not specified.
Recommendations
For L-04D firmware versions V10a and V10b, consider implementing additional authentication checks to prevent CSRF attacks, such as token-based validation, until a patched version is available.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
L-04D