← Back

CVE-2020-37172

nvd nist
Published: Feb 11, 2026Modified: Feb 18, 2026

JSON object

Loading...
8.5
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.

Affected (1)

Products: Wwbn: Avideo
Wwbn
1 product
Avideo
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Avideo
Version 8.1

Related CWEs

CWE-640
Weak Password Recovery Mechanism for Forgotten Password
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

References (4)

Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
ExploitThird Party AdvisoryVDB Entry
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.