Cross-site request forgery in Sielco products - CVE-2023-45317
Published: October 27, 2023
Vulnerability identifier: #VU82527
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-45317
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Analog FM transmitter EXC5000GX
Analog FM transmitter EXC120GX
Analog FM transmitter EXC300GX
Analog FM transmitter EXC1600GX
Analog FM transmitter EXC2000GX
Analog FM transmitter EXC1000GX
Analog FM transmitter EXC3000GX
Analog FM transmitter EXC30GT
Analog FM transmitter EXC300GT
Analog FM transmitter EXC100GT
Analog FM transmitter EXC5000GT
Analog FM transmitter EXC1000GT
Analog FM transmitter: EXC120GT
Radio Link RTX19
Radio Link EXC19
Analog FM transmitter EXC5000GX
Analog FM transmitter EXC120GX
Analog FM transmitter EXC300GX
Analog FM transmitter EXC1600GX
Analog FM transmitter EXC2000GX
Analog FM transmitter EXC1000GX
Analog FM transmitter EXC3000GX
Analog FM transmitter EXC30GT
Analog FM transmitter EXC300GT
Analog FM transmitter EXC100GT
Analog FM transmitter EXC5000GT
Analog FM transmitter EXC1000GT
Analog FM transmitter: EXC120GT
Radio Link RTX19
Radio Link EXC19
Software vendor:
Sielco
Sielco
Description
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.