ioLogik E1200 Series Firmware Vulnerable to CSRF Attacks
CVE-2023-5961
8.8HIGH
Key Information
- Vendor
- Moxa
- Status
- Iologik E1200 Series
- Vendor
- CVE Published:
- 23 December 2023
Badges
👾 Exploit Exists🔴 Public PoC
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user.
Affected Version(s)
ioLogik E1200 Series <= 3.3
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Refferences
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database1 Proof of Concept(s)
Credit
Reza Rashidi from HADESS