Luring Authenticated Victims into Performing State-Changing Operations

CVE-2024-3083
8.3HIGH

Key Information

Vendor
Plug&track
Status
Sensor Net Connect V2
Vendor
CVE Published:
31 July 2024

Summary

A “CWE-352: Cross-Site Request Forgery (CSRF)” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page.

Affected Version(s)

Sensor Net Connect V2 = 2.24

CVSS V3.1

Score:
8.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

Diego Zaffaroni of Nozomi Networks found this bug during a security research activity.
.