Japan Vulnerability NotesJVN:47164236JVN#47164236: AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
50.5%
AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability (CWE-352).
Impact
If a user views a malicious page, information such as settings may be altered unintentionaly.
Solution
Update the Firmware
Update to the latest firmware version according to the information provided by the developer.
Products Affected
- AQUOS Photo Player HN-PP150 Versions from 1.02.00.04 to 1.03.01.04
According to the developer, HN-PP100 has no network functionality therefore it is not affected by this vulnerability.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS
Percentile
50.5%