Cross-site request forgery in ioLogik - CVE-2016-8350
Published: October 18, 2016
Vulnerability identifier: #VU1026
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-8350
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Moxa
Affected software:
ioLogik
ioLogik
Detailed vulnerability description
The vulnerability allows a remote unauthenticated user to perform cross-site request forgery attack on the target system.
The weakness is due to improper request verification that allows attackers to conduct CSRF attack.
Successful exploitation of the vulnerability may result in full vulnerable system compromise.
The weakness is due to improper request verification that allows attackers to conduct CSRF attack.
Successful exploitation of the vulnerability may result in full vulnerable system compromise.
How to mitigate CVE-2016-8350
Update firmware to the latest versions.