Lucene search

Sba-researchCVELIST:CVE-2024-5676

HistoryJun 19, 2024 - 9:47 a.m.

CVE-2024-5676 Paradox IP150 Internet Module Cross-Site Request Forgery

2024-06-1909:47:38

CWE-352

sba-research

www.cve.org

paradox ip150

internet module

csrf

vulnerability

version 1.40.00

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "IP150 Internet Module",
    "vendor": "Paradox Security Systems (Bahamas) Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "1.40.00",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2024/Jun/8

github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery

www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for CVELIST:CVE-2024-5676