CVE-2018-25127

Summary

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.

Affected Software

VendorProductVersion RangeStatus
SOCA Technology Co., LtdSOCA Access Control System180612affected
SOCA Technology Co., LtdSOCA Access Control System170000affected
SOCA Technology Co., LtdSOCA Access Control System141007affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References