CVE-2018-7828

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.2%

top 52.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Ime119-1ei Firmware Schneider-electric Ime119-1ep Firmware Schneider-electric Ime119-1es Firmware +56 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera when an authenticated user clicks a specially crafted malicious link while logged into the camera.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages59 packages

▶NVDschneider-electric/ixe11_firmware< 2.2.3.0

▶NVDschneider-electric/ixe21_firmware< 2.2.3.0

▶NVDschneider-electric/ixe31_firmware< 2.2.3.0

▶NVDschneider-electric/ixes1_firmware< 2.2.3.0

▶NVDschneider-electric/ime119-1i_firmware< 2.2.3.0

🔴Vulnerability Details

GHSA

GHSA-3r4p-64cj-6xrc: A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen↗2022-05-24

▶

CVEList

CVE-2018-7828: A Cross-Site Request Forgery (CSRF) vulnerability exists in the 1st Gen↗2019-05-22

▶