C-MOR Web Interface Vulnerable to CSRF Attacks
CVE-2024-45172

6.8MEDIUM

Key Information:

Vendor: za-internet
Vendor: CVE Published:; 4 September 2024

🔔 Create za-internet Vulnerability Alert

What is CVE-2024-45172?

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The C-MOR web interface offers no protection against cross-site request forgery (CSRF) attacks.

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Adv...

https://www.syss.de/pentest-blog/mehrere-sicherheitsschwa...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2024

CVE-2024-45172 Data

JSON