36 matches found
CVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25252
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...
CVE-2019-25252
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...
CVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25252 Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...
CVE-2019-25252 Teradek VidiU Pro 3.0.3 Cross-Site Request Forgery via Password Change
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in...
CVE-2019-25252
CVE-2019-25252 affects Teradek VidiU Pro 3.0.3 with a cross-site request forgery that allows changing administrative passwords when a logged-in administrator visits a malicious page. The issue arises from insufficient request validation, enabling an attacker-controlled page to submit password-cha...
CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25251 Teradek VidiU Pro 3.0.3 Server-Side Request Forgery via RTMP Settings
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xmlurl'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP...
CVE-2019-25251
CVE-2019-25251 affects Teradek VidiU Pro 3.0.3. The vulnerability is a server-side request forgery in the management interface that allows manipulation of the GET parameters url and xml_url, enabling attackers to bypass firewalls, perform network enumeration, and potentially trigger external HTTP...
PT-2025-53337
Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The software contains a server-side request forgery issue in the management interface. Attackers can manipulate GET parameters url and xml url to bypass firewalls, perform network enumeration, and...
Teradek VidiU Pro 安全漏洞
Teradek VidiU Pro is a hardware live encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...
PT-2025-53338
Name of the Vulnerable Software and Affected Versions Teradek VidiU Pro version 3.0.3 Description The Teradek VidiU Pro software contains a cross-site request forgery issue. This allows attackers to alter administrative passwords due to insufficient validation of requests. An attacker can create...
Teradek VidiU Pro 安全漏洞
Teradek VidiU Pro is a hardware live streaming encoder from Teradek USA. A security vulnerability exists in Teradek VidiU Pro version 3.0.3, which stems from the mishandling of the url and xmlurl parameters by the management interface, which could lead to a server-side request forgery attack...
CVE-2021-37375
Cross Site Scripting XSS vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any...
CVE-2021-37375
Cross Site Scripting XSS vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any...
CVE-2021-37375
Cross Site Scripting XSS vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any...
Cross site scripting
UNSUPPORTED WHEN ASSIGNED Cross Site Scripting XSS vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and wi...
CVE-2021-37375
Cross Site Scripting XSS vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any...
CVE-2021-37375
Teradek VidiU / VidiU Mini firmware versions 3.0.8 and earlier are affected by a Cross Site Scripting (XSS) vulnerability in the System Information Settings’ Friendly Name field, allowing remote attackers to run arbitrary code. Root cause: unsafely processed input in the Friendly Name parameter l...