vendor:
Vifi Radio v1
by:
KnocKout
4,3
CVSS
MEDIUM
CSRF (Arbitrary Change Password)
352
CWE
Product Name: Vifi Radio v1
Affected Version From: v1
Affected Version To: v1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Mozilla Firefox
2020
Vifi Radio v1 – CSRF (Arbitrary Change Password) Exploit
Vifi Radio v1 is vulnerable to CSRF (Cross-Site Request Forgery) which allows an attacker to change the password of any user without their knowledge. An attacker can craft a malicious HTML page containing a form with hidden fields and submit it to the vulnerable application. This will cause the application to change the password of the user without their knowledge or consent.
Mitigation:
The application should implement a CSRF token in the form to prevent CSRF attacks.
