PT-2023-19977 · Multitech · Multitech Conduit Ap Mtcap2-L4E1

Published

2023-07-07

Updated

2023-07-17

CVE-2023-25201

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A version 6.0.0

Description A Cross Site Request Forgery (CSRF) issue allows a remote attacker to execute arbitrary code via a crafted script upload. This can lead to unauthorized actions on the affected system.

Recommendations For version 6.0.0, consider disabling script uploads until a patch is available to prevent exploitation of the CSRF issue. Restrict access to the affected system to minimize the risk of remote code execution.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2023-25201

Affected Products

Multitech Conduit Ap Mtcap2-L4E1

PT-2023-19977 · Multitech · Multitech Conduit Ap Mtcap2-L4E1

CVE-2023-25201

Weakness Enumeration

Related Identifiers

Affected Products

References · 5