11 matches found
CVE-2018-25152
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...
CVE-2018-25152 Ecessa Edge EV150 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...
CVE-2018-25152 Ecessa Edge EV150 10.7.4 Cross-Site Request Forgery via User Configuration
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/plweb.cgi/utilconfigloginact endpoint to add...
CVE-2018-25152
CVE-2018-25152 affects Ecessa Edge EV150 10.7.4. A cross-site request forgery allows unauthenticated attackers to add superuser accounts by crafting a page that submits to /cgi-bin/pl_web.cgi/util_configlogin_act. The connected sources confirm the vulnerable component, the endpoint, and the impac...
PT-2025-53372
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl web.cgi/util configlogin act endpoint to...
Ecessa Edge EV150 跨站请求伪造漏洞
Ecessa Edge EV150 is a multilink load balancer from Ecessa USA. A cross-site request forgery vulnerability exists in Ecessa Edge EV150 version 10.7.4, which stems from vulnerability to a cross-site request forgery attack that could lead to the creation of an administrator account...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Ecessa Edge EV150 10.7.4 Add Superuser Cross Site Request Forgery
input type="hidden" name="userpasswdveri...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Tested on: lighttpd/1.4.35 Summary: Intern...
Ecessa Edge EV150 10.7.4 CSRF Add Superuser Exploit
Summary Internet Failover and Load Balancing for Small Businesses, Stores and Branch Offices. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain...