CVE-2019-25252

Summary

Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.

Affected Software

VendorProductVersion RangeStatus
TeradekVidiU Pro3.0.3affected
TeradekVidiU Pro3.0.2affected
TeradekVidiU Pro2.4.10affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References