CVE-2020-16208
Published: 2020-09-01
Priority: P3 · 40 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.24% (65.4th percentile)
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| n-tron_702-w | 702m12-w | — | — |
CVSS provenance
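| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |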
GHSA
GHSA-w5pg-q72w-mggw (CVE-2020-16208) [HIGH]
ghsa_unreviewed · 2022-05-24
The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).
CISA ICS
[CRITICAL] Red Lion N-Tron 702-W, 702M12-W
cisa_ics · 2020-08-27 · CVSS 9.0
ICS Advisory
## Red Lion N-Tron 702-W, 702M12-W
Last Revised: August 27, 2020
Alert Code: ICSA-20-240-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Red Lion
- Equipment: N-Tron 702-W / 702M12-W
- Vulnerabilities: Reflected Cross-site Scripting, Stored Cross-site Scripting, Cross-site Request Forgery, Hidden Functionality, Use of Unmaintained Third-Party Components
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to sensitive information, execute system co
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/159064/Red-Lion-N-Tron-702-W-702M12-W-2.0.26-XSS-CSRF-Shell.html
- http://seclists.org/fulldisclosure/2020/Sep/6
- https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01