CVE-2022-41489

Name of the Vulnerable Software and Affected Versions WAYOS LQ 09 version 22.03.17V

Description The issue allows attackers to send crafted requests to the server from the affected device due to a lack of authentication in the component Usb upload.htm. This enables Cross-Site Request Forgery (CSRF) attacks.

Recommendations For WAYOS LQ 09 version 22.03.17V, consider restricting access to the Usb upload.htm component until a patch is available. As a temporary workaround, ensure proper authentication mechanisms are in place to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.