PT-2024-31585 · Planex · Planex Mzk-Dp300N

Kentaro Ishii · Published 2024-09-25 · Updated 2024-10-03 · CVE-2024-45372

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: PLANEX MZK-DP300N firmware versions 1.04 and earlier

Description: The issue is a cross-site request forgery vulnerability. If a user views a malicious page while logged in to the web management page of the affected product, the user may be made to perform unintended operations, such as changing the login password.

Recommendations: For firmware versions 1.04 and earlier, update to a patched version as soon as possible and enforce strict CSRF token validation. As a temporary workaround, consider restricting access to the web management page until a patch is available.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-45372

Affected Products: Planex Mzk-Dp300N