Easergy T300 Firmware 1.5.2 and Older: Cross-Site Request Forgery (CSRF) Vulnerability

Easergy T300 Firmware 1.5.2 and Older: Cross-Site Request Forgery (CSRF) Vulnerability

CVE-2020-7503 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.

Learn more about our User Device Pen Test.