PT-2022-18537 · Scheduler+2 · Scheduler+3

Takayuki Sasaki · Published 2022-05-18 · Updated 2022-06-02 · CVE-2022-27632

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Rebooter(WATCH BOOT nino RPC-M2C) versions 1.00A through 1.00D
Rebooter(WATCH BOOT light RPC-M5C) all firmware versions
Rebooter(WATCH BOOT L-zero RPC-M4L) all firmware versions
Rebooter(WATCH BOOT mini RPC-M4H) all firmware versions
Rebooter(WATCH BOOT nino RPC-M2CS) versions 1.00A through 1.00D
Rebooter(WATCH BOOT light RPC-M5CS) versions 1.00A through 1.00D
Rebooter(WATCH BOOT L-zero RPC-M4LS) versions 1.00A through 1.20A
Rebooter(Signage Rebooter RPC-M4HSi) version 1.00A
PoE Rebooter(PoE BOOT nino PoE8M2) versions 1.00A through 1.20A
Scheduler(TIME BOOT mini RSC-MT4H) all firmware versions
Scheduler(TIME BOOT RSC-MT8F) all firmware versions
Scheduler(TIME BOOT RSC-MT8FP) all firmware versions
Scheduler(TIME BOOT mini RSC-MT4HS) versions 1.00A through 1.10A
Scheduler(TIME BOOT RSC-MT8FS) versions 1.00A through 1.00E
Contact Converter(POSE SE10-8A7B1) versions 1.00A through 1.20A

Description

A cross-site request forgery (CSRF) issue allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user view a specially crafted page.

Recommendations

For Rebooter(WATCH BOOT nino RPC-M2C) versions 1.00A through 1.00D, consider disabling access to the administrative interface until a patch is available.

For Rebooter(WATCH BOOT light RPC-M5C), Rebooter(WATCH BOOT L-zero RPC-M4L), and Rebooter(WATCH BOOT mini RPC-M4H), restrict access to the administrative interface to minimize the risk of exploitation.

For Rebooter(WATCH BOOT nino RPC-M2CS) versions 1.00A through 1.00D, Rebooter(WATCH BOOT light RPC-M5CS) versions 1.00A through 1.00D, and Rebooter(WATCH BOOT L-zero RPC-M4LS) versions 1.00A through 1.20A, avoid using the administrative interface until the issue is resolved.

For Rebooter(Signage Rebooter RPC-M4HSi) version 1.00A, PoE Rebooter(PoE BOOT nino PoE8M2) versions 1.00A through 1.20A, Scheduler(TIME BOOT mini RSC-MT4H), Scheduler(TIME BOOT RSC-MT8F), Scheduler(TIME BOOT RSC-MT8FP), Scheduler(TIME BOOT mini RSC-MT4HS) versions 1.00A through 1.10A, Scheduler(TIME BOOT RSC-MT8FS) versions 1.00A through 1.00E, and Contact Converter(POSE SE10-8A7B1) versions 1.00A through 1.20A, consider implementing additional security measures to prevent CSRF attacks.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF


Weakness Enumeration

Related Identifiers

CVE-2022-27632

Affected Products

Contact Converter
PoE Rebooter
Rebooter
Scheduler