CVE-2019-25251
6.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)
Description
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
Affected (9)
Products: Teradek: Vidiu Pro Firmware, Vidiu Firmware, Vidiu Mini Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.4.10 |
| Running on/with | Platform Versions |
|---|---|
Teradek Vidiu Pro | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.4.10 |
| Running on/with | Platform Versions |
|---|---|
Teradek Vidiu | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.4.10 |
| Running on/with | Platform Versions |
|---|---|
Teradek Vidiu Mini | All versions |
References (5)
Source: disclosure@vulncheck.com
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory
Timeline
No history available yet.