Vulnerability Details CVE-2019-25251
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.8%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2019-25251
-
cpe:2.3:h:teradek:vidiu:-
-
cpe:2.3:h:teradek:vidiu_mini:-
-
cpe:2.3:h:teradek:vidiu_pro:-
-
cpe:2.3:o:teradek:vidiu_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_firmware:3.0.3
-
cpe:2.3:o:teradek:vidiu_mini_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.3
-
cpe:2.3:o:teradek:vidiu_pro_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.3