Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Hereta ETH-IMC408M CSRF via Configuration Setup
Vulnerability Description
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-included HTTP Basic Authentication credentials to add RADIUS accounts, alter network settings, or trigger diagnostics.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Hereta ETH-IMC408M 跨站请求伪造漏洞
Vulnerability Description
Hereta ETH-IMC408M是美国Hereta公司的一款以太网交换机设备。 Hereta ETH-IMC408M 1.0.15及之前版本存在跨站请求伪造漏洞,该漏洞源于setup.cgi缺少跨站请求伪造保护,可能导致攻击者修改设备配置。
CVSS Information
N/A
Vulnerability Type
N/A