CVE-2015-7925

Published: Dec 23, 2015Modified: May 6, 2026

8.0

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.

Affected (1)

Products: Ewon: Ewon Firmware

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ewon Ewon Firmware	Up to 10.0s0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (10)

http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01

Source: ics-cert@hq.dhs.gov

Vendor Advisory

http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html

Source: ics-cert@hq.dhs.gov

http://seclists.org/fulldisclosure/2015/Dec/118

Source: ics-cert@hq.dhs.gov

http://www.securityfocus.com/bid/79625

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Dec/118

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/79625

Source: af854a3a-2127-422b-91ae-364da2661108

https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.