A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.
References
Link | Resource |
---|---|
https://www.se.com/ww/en/download/document/SEVD-2020-161-04 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: schneider
Published: 2020-06-16T19:42:10
Updated: 2020-06-16T19:42:10
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7503
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-16T20:15:15.130
Modified: 2020-06-17T20:04:17.620
Link: CVE-2020-7503
JSON object: View
Redhat Information
No data.
CWE