CVE-2019-25244

Affected software: Legrand BTicino Driver Manager F454 1.0.51. Vulnerabilities: web vulnerabilities enabling administrative actions via CSRF and stored XSS through unvalidated GET parameters. Root cause: lack of proper request validation. Impact: attacker could change passwords and inject stored ...

Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery

!-- CSRF PoC OpenWebN...

Legrand BTicino Driver Manager F454 1.0.51 CSRF Change Password Exploit

Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application interface...

Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting

Waddup.' /...

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting

Exploit for php platform in category web applications input type="hidden" name="password2" value="newpass1...

Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit

Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application suffers from ...

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting

input type="submit" value="Submit requ...

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting input type="hidden" name="password2" value="newpass123" /...