CSRF Vulnerability in XZERES 442SR OS Allows Remote Admin Authentication Hijacking

CVE-2015-3950 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request.
