CVE-2020-5549

Published: Apr 8, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier and Enterprise Ver. 2.0.1 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Affected (2)

Products: Plathome: Easyblocks Ipv6 Firmware, Easyblocks Ipv6 Enterprise Firmware

Plathome

2 products

Easyblocks Ipv6 Firmware

Easyblocks Ipv6 Enterprise Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Plathome Easyblocks Ipv6 Firmware	Up to 2.0.1

Running on/with	Platform Versions
Plathome Easyblocks Ipv6	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Plathome Easyblocks Ipv6 Enterprise Firmware	Up to 2.0.1

Running on/with	Platform Versions
Plathome Easyblocks Ipv6 Enterprise	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://jvn.jp/en/jp/JVN89224521/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.plathome.co.jp/software/ipv6-enterprise-v2-0-2/

Source: vultures@jpcert.or.jp

Release NotesVendor Advisory

https://www.plathome.co.jp/software/ipv6-v2-0-2/

Source: vultures@jpcert.or.jp

Release NotesVendor Advisory

https://jvn.jp/en/jp/JVN89224521/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.plathome.co.jp/software/ipv6-enterprise-v2-0-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.plathome.co.jp/software/ipv6-v2-0-2/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.