CVE-2024-45372

Summary

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.

Affected Software

VendorProductVersion RangeStatus
PLANEX COMMUNICATIONS INC.MZK-DP300Nfirmware versions 1.04 and earlieraffected

Weaknesses

  • CWE-352: Cross-site request forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References