CVE-2024-0555

Published: Jan 16, 2024Modified: Nov 21, 2024

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.

Affected (1)

Products: Xantech: Wic1200 Firmware

1 product

Wic1200 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Xantech Wic1200 Firmware	Version 1.1

Running on/with	Platform Versions
Xantech Wic1200	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Source: cve-coordination@incibe.es

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.