CVE-2024-0555
Published Jan 16, 2024
Last updated 10 months ago
Overview
- Description
- A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.
- Source
- cve-coordination@incibe.es
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- cve-coordination@incibe.es
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xantech:wic1200_firmware:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27A5FA72-8BA5-4BE7-89D2-8D85C1554A8A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:xantech:wic1200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "04CACDA7-1954-4FDE-998A-E5675B65787F"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]