CVE-2024-41795

Name of the Vulnerable Software and Affected Versions: SENRON 7KT PAC1260 Data Manager (All versions)

Description: A Cross-Site Request Forgery (CSRF) issue has been identified in the web interface of affected devices. This could allow an unauthenticated attacker to change arbitrary device settings by tricking a legitimate device administrator into clicking on a malicious link.

Recommendations: For all versions, consider implementing additional security measures to prevent CSRF attacks, such as validating requests and ensuring that only authorized administrators can make changes to device settings. As a temporary workaround, restrict access to the web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.