5.1
CVE-2019-25252
- EPSS 0.01%
- Published 24.12.2025 19:28:04
- Last modified 26.01.2026 16:15:54
- Source disclosure@vulncheck.com
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
Data is provided by the National Vulnerability Database (NVD)
Teradek ≫ Vidiu Pro Firmware Version 2.4.10
Teradek ≫ Vidiu Pro Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Pro Firmware Version 3.0.3 Update build32136
Teradek ≫ Vidiu Firmware Version 2.4.10
Teradek ≫ Vidiu Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Firmware Version 3.0.3 Update build32136
Teradek ≫ Vidiu Mini Firmware Version 2.4.10
Teradek ≫ Vidiu Mini Firmware Version 3.0.2 Update build31225
Teradek ≫ Vidiu Mini Firmware Version 3.0.3 Update build32136
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.007 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| disclosure@vulncheck.com | 5.1 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.