CVE-2024-45372

Published: Sep 26, 2024Modified: Mar 25, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

Affected (1)

Products: Planex: Mzk Dp300n Firmware

1 product

Mzk Dp300n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Planex Mzk Dp300n Firmware	Up to 1.04

Running on/with	Platform Versions
Planex Mzk Dp300n	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://jvn.jp/en/jp/JVN81966868/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.planex.co.jp/support/download/mzk-dp300n/

Source: vultures@jpcert.or.jp

Product

Timeline

No history available yet.