PT-2022-6504 · Spacelynk+1 · Spacelynk+2
Published
2022-02-08
·
Updated
2023-01-30
·
CVE-2022-22811
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
spaceLYnk versions 2.6.2 and prior
Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior
fellerLYnk versions 2.6.2 and prior
Description
A Cross-Site Request Forgery (CSRF) issue exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. The vulnerability allows a remote attacker to exploit the system, potentially reconfiguring it.
Recommendations
For spaceLYnk versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
For Wiser for KNX (formerly homeLYnk) versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
For fellerLYnk versions 2.6.2 and prior, update to a version later than 2.6.2 to resolve the issue.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wiser For Knx
Fellerlynk
Spacelynk