Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter

News

SBA Security Advisory – Paradox IP150 Internet Module – Cross-Site Request Forgery (CVE-2024-5676)

Vulnerability Overview

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system.

  • Type of Vulnerability: Cross-Site Request Forgery (CSRF)
  • Fixed in Version: Not yet
  • CVE ID: CVE-2024-5676
  • CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
  • CVSS Base Score: 6.8 (Medium)

Recommended Countermeasure

We are not aware of a vendor fix yet. Please contact the vendor. For further details, see the full security advisory.

Links

Full Security Advisory

Credits