SBA Security Advisory – Paradox IP150 Internet Module – Cross-Site Request Forgery (CVE-2024-5676)
Vulnerability Overview
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET
to introduce changes in the system.
- Type of Vulnerability: Cross-Site Request Forgery (CSRF)
- Fixed in Version: Not yet
- CVE ID: CVE-2024-5676
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
- CVSS Base Score: 6.8 (Medium)
Recommended Countermeasure
We are not aware of a vendor fix yet. Please contact the vendor. For further details, see the full security advisory.
Links
Credits
- Jakob Pachmann (SBA Research)
- Fabian Funder (SBA Research)