CVE-2020-7503
Severity
8.8HIGH
EPSS
0.2%
top 62.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 16
Latest updateMay 24
Description
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5easergy_t300_(firmware_version_1.5.2_and_older)Easergy T300 (Firmware version 1.5.2 and older)