Cross-site request forgery in MEIKYO ELECTRIC products - CVE-2022-27632

 


Published: May 9, 2022


Vulnerability identifier: #VU62850
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-27632
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
WATCH BOOT nino RPC-M2C
WATCH BOOT light RPC-M5C
WATCH BOOT L-zero RPC-M4L
WATCH BOOT mini RPC-M4H
WATCH BOOT nino RPC-M2CS
WATCH BOOT light RPC-M5CS
WATCH BOOT L-zero RPC-M4LS
Signage Rebooter RPC-M4HSi
PoE BOOT nino PoE8M2
TIME BOOT mini RSC-MT4H
TIME BOOT RSC-MT8F
TIME BOOT RSC-MT8FP
TIME BOOT mini RSC-MT4HS
TIME BOOT RSC-MT8FS
POSE SE10-8A7B1
Software vendor:
MEIKYO ELECTRIC

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
