Cross site request forgery (csrf)

2020-09-1620:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.5%

JSON

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

CPENameOperatorVersion
freebox_delta_firmwarelt4.2.3
freebox_mini_firmwarelt4.2.3
freebox_one_firmwarelt4.2.3
freebox_pop_firmwarelt4.2.3
freebox_revolution_firmwarelt4.2.3

Name	Operator	Version
freebox_delta_firmware	lt	4.2.3
freebox_mini_firmware	lt	4.2.3
freebox_one_firmware	lt	4.2.3
freebox_pop_firmware	lt	4.2.3
freebox_revolution_firmware	lt	4.2.3

References

dev.freebox.fr/blog/?p=10222

www.gabriel.urdhr.fr/2020/09/23/dns-rebinding-freebox/