Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy in Eye-Fi 1.1.2 allow remote attackers to hijack the authentication of users for requests that modify configuration via a SOAPAction parameter of (1) urn:SetOptions for autostart, (2) urn:SetDesktopSync for file upload, or (3) urn:SetFolderConfig for file download location or modification of authentication credentials; and (4) urn:AddNetwork for adding an arbitrary Service Set Identifier (SSID) to hijack the image upload.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Eye-Fi 'WS-Proxy'多个跨站请求伪造漏洞
Vulnerability Description
Eye-Fi是一款操作便捷的相片分享软件。你可以用这款软件,来把你手机上的相片分享到网路上,或者显示在谷歌地图中。 Eye-Fi 1.1.2版本中的WS-Proxy存在多个跨站请求伪造漏洞。 远程攻击者可以借助一个(1)用于自动启动的urn:SetOptions、(2)用于文件上传的urn:SetDesktopSync或(3)用于文件下载或修改认证证书的urn:SetFolderConfig和(4)用于添加任意的Service Set Identifier(SSID)的urn:AddNetwork的SOA
CVSS Information
N/A
Vulnerability Type
N/A