CVE-2021-37201

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to V1.0 SP1

Description A Cross-Site Request Forgery (CSRF) attack can be performed on the web interface of affected devices. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.

Recommendations For versions prior to V1.0 SP1, update to V1.0 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.