Vulnerability Description
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2024/Jun/8
- https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_P
- https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
- http://seclists.org/fulldisclosure/2024/Jun/8
- https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_P
- https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
FAQ
What is CVE-2024-5676?
CVE-2024-5676 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce chang...
How severe is CVE-2024-5676?
CVE-2024-5676 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-5676?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.