Products
MZK-DP300N firmware
- 1.04 and earlier
Source
vultures@jpcert.or.jp
Tags
CVE-2024-45372 details
Published : Sept. 26, 2024, 5:15 a.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Last Modified : Sept. 26, 2024, 1:32 p.m.
Description
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
References
| URL | Source |
|---|---|
| https://jvn.jp/en/jp/JVN81966868/ | vultures@jpcert.or.jp |
| https://www.planex.co.jp/support/download/mzk-dp300n/ | vultures@jpcert.or.jp |
This website uses the NVD API, but is not approved or certified by it.