Vulnerability Details CVE-2019-25252
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.6%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2019-25252
-
cpe:2.3:h:teradek:vidiu:-
-
cpe:2.3:h:teradek:vidiu_mini:-
-
cpe:2.3:h:teradek:vidiu_pro:-
-
cpe:2.3:o:teradek:vidiu_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_firmware:3.0.3
-
cpe:2.3:o:teradek:vidiu_mini_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_mini_firmware:3.0.3
-
cpe:2.3:o:teradek:vidiu_pro_firmware:2.4.10
-
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.2
-
cpe:2.3:o:teradek:vidiu_pro_firmware:3.0.3