ioLogik E1200 Series Firmware Vulnerable to CSRF Attacks

CVE-2023-5961

8.8HIGH

Key Information

Vendor: Moxa
Status: ioLogik E1200 Series
Vendor: CVE Published:; 23 December 2023

Badges

👾 Exploit Exists🔴 Public PoC

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.

Affected Version(s)

ioLogik E1200 Series <= 3.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-5961
Created by HadessCS

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Feb 1, 2024
Vulnerability published.
Dec 23, 2023
Vulnerability Reserved.
Nov 6, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Reza Rashidi from HADESS