CVE-2015-7925

EPSS 1.24%
Veröffentlicht 23.12.2015 11:59:01
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ewon ≫ Ewon Firmware Version <= 10.0s0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.24%	0.654

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8	2.1	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01

Vendor Advisory

http://seclists.org/fulldisclosure/2015/Dec/118

http://www.securityfocus.com/bid/79625

https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03

Third Party Advisory

US Government Resource

http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html

https://nvd.nist.gov/vuln/detail/CVE-2015-7925

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7925

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7925

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-7925