Mobotix S14 Camera Cross-Site Request Forgery (CVE-2019-12502)

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

CVE-2019-12502

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...

Cross site request forgery (csrf)

There is a lack of CSRF countermeasures on MOBOTIX S14 MX-V4.2.1.61 cameras, as demonstrated by adding an admin account via the /admin/access URI...

CVE-2019-12502

The CVE-2019-12502 entry concerns MOBOTIX S14 MX-V4.2.1.61 cameras with a lack of CSRF countermeasures, demonstrated by the ability to add an admin account via the /admin/access URI. This is documented across multiple sources (NVD, Red Hat, Nessus plugin, etc.) and indicates a cross-site request ...

CVE-2019-7674

The CVE concerns MOBOTIX S14 MX-V4.2.1.61 devices where the /admin/access endpoint accepts a request to set the password to a fixed value (the string “aaaaa”). This represents an authentication weakness enabling password change by an authorized or potentially any user, depending on access control...

CVE-2019-7674

An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. /admin/access accepts a request to set the "aaaaa" password, considered insecure for some use cases, from a user...