CVE-2024-45372 Vulnerability Details

  /     /     /  

CVE-2024-45372 Metadata Quick Info

CVE Published: 26/09/2024 | CVE Updated: 26/09/2024 | CVE Year: 2024
Source: jpcert | Vendor: PLANEX COMMUNICATIONS INC. | Product: MZK-DP300N
Status : PUBLISHED

CVE-2024-45372 Description

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-352
CWE Name: Cross-site request forgery (CSRF)
Source: PLANEX COMMUNICATIONS INC.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).