PT-2020-14808 · N Tron · N-Tron 702-W+1

Published

2020-09-01

Updated

2020-09-08

CVE-2020-16208

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions N-Tron 702-W / 702M12-W (all versions)

Description The issue allows an attacker to perform cross-site request forgery, potentially enabling them to modify different device configurations. This can be achieved by luring an authenticated user into clicking a crafted link.

Recommendations For all versions, consider implementing measures to prevent cross-site request forgery attacks, such as validating request origins or using anti-CSRF tokens, until a specific fix is provided.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2020-16208

Affected Products

N-Tron 702-W

N-Tron 702M12-W

PT-2020-14808 · N Tron · N-Tron 702-W+1

CVE-2020-16208

Weakness Enumeration

Related Identifiers

Affected Products

References · 4