Vulnerability Description
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ewon | Ewon Firmware | <= 10.0s0 |
Related Weaknesses (CWE)
References
- http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01 (Vendor Advisory)
- http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBA
- http://seclists.org/fulldisclosure/2015/Dec/118
- http://www.securityfocus.com/bid/79625
- https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2015-7925?
CVE-2015-7925 is a vulnerability with a CVSS score of 8.0 (HIGH). Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware u...
How severe is CVE-2015-7925?
CVE-2015-7925 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-7925?
Check the references section above for vendor advisories and patch information. Affected products include: Ewon Ewon Firmware.