Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5676

Summary
Assigner-sba-research
Assigner Org ID-1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Published At-19 Jun, 2024 | 09:47
Updated At-13 Feb, 2025 | 17:54
Rejected At-
Credits

Paradox IP150 Internet Module Cross-Site Request Forgery

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sba-research
Assigner Org ID:1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Published At:19 Jun, 2024 | 09:47
Updated At:13 Feb, 2025 | 17:54
Rejected At:
▼CVE Numbering Authority (CNA)
Paradox IP150 Internet Module Cross-Site Request Forgery

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.

Affected Products
Vendor
Paradox Security Systems (Bahamas) Ltd.
Product
IP150 Internet Module
Default Status
unknown
Versions
Affected
  • 1.40.00 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-352CWE-352 Cross-Site Request Forgery (CSRF)
Type: CWE
CWE ID: CWE-352
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Jakob Pachmann (SBA Research)
finder
Fabian Funder (SBA Research)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery
third-party-advisory
https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
product
http://seclists.org/fulldisclosure/2024/Jun/8
N/A
Hyperlink: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery
Resource:
third-party-advisory
Hyperlink: https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
Resource:
product
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/8
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery
third-party-advisory
x_transferred
https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
product
x_transferred
http://seclists.org/fulldisclosure/2024/Jun/8
x_transferred
Hyperlink: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery
Resource:
third-party-advisory
x_transferred
Hyperlink: https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
Resource:
product
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/8
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Published At:19 Jun, 2024 | 10:15
Updated At:24 Jun, 2024 | 05:15

The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method `GET` to introduce changes in the system.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondary1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
CWE ID: CWE-352
Type: Secondary
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2024/Jun/81e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
N/A
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
N/A
https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=5631e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
N/A
Hyperlink: http://seclists.org/fulldisclosure/2024/Jun/8
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Resource: N/A
Hyperlink: https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240321-01_Paradox_Cross_Site_Request_Forgery
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Resource: N/A
Hyperlink: https://www.paradox.com/Products/default.asp?CATID=3&SUBCATID=38&PRD=563
Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-31684
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.81%
||
7 Day CHG-0.02%
Published-31 Mar, 2025 | 21:43
Updated-28 Aug, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OAuth2 Client - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-013

Cross-Site Request Forgery (CSRF) vulnerability in Drupal OAuth2 Client allows Cross Site Request Forgery.This issue affects OAuth2 Client: from 0.0.0 before 4.1.3.

Action-Not Available
Vendor-mskccThe Drupal Association
Product-oauth2_clientOAuth2 Client
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31688
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 1.81%
||
7 Day CHG-0.02%
Published-31 Mar, 2025 | 21:45
Updated-28 Aug, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Configuration Split - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-017

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Configuration Split allows Cross Site Request Forgery.This issue affects Configuration Split: from 0.0.0 before 1.10.0, from 2.0.0 before 2.0.2.

Action-Not Available
Vendor-nuvoleThe Drupal Association
Product-configuration_splitConfiguration Split
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2022-20774
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.25% / 48.34%
||
7 Day CHG~0.00%
Published-06 Apr, 2022 | 18:12
Updated-06 Nov, 2024 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8841ip_phone_8832ip_phone_8861ip_phone_6851ip_phone_8845_firmwareip_phone_7841ip_phone_7811_firmwareip_phone_8811ip_phone_7832ip_phone_8811_firmwareip_phone_7861_firmwareip_phone_8845ip_phone_8851_firmwareip_phone_6841ip_phone_7821_firmwareip_phone_8841_firmwareip_phone_8865_firmwareip_phone_8865ip_phone_6851_firmwareip_phone_6871ip_phone_6871_firmwareip_phone_7841_firmwareip_phone_6825_firmwareip_phone_8832_firmwareip_phone_6825ip_phone_6861ip_phone_6861_firmwareip_phone_7832_firmwareip_phone_7861ip_phone_7811ip_phone_6841_firmwareip_phone_8861_firmwareip_phone_8851ip_phone_7821Cisco IP Phone 7800 Series with Multiplatform Firmware
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31683
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.01% / 2.04%
||
7 Day CHG-0.02%
Published-31 Mar, 2025 | 21:41
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Google Tag - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-012

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Google Tag allows Cross Site Request Forgery.This issue affects Google Tag: from 0.0.0 before 1.8.0, from 2.0.0 before 2.0.8.

Action-Not Available
Vendor-google_tag_projectThe Drupal Association
Product-google_tagGoogle Tag
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-31680
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 2.73%
||
7 Day CHG-0.01%
Published-31 Mar, 2025 | 21:39
Updated-02 Jun, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Matomo Analytics - Moderately critical - Cross site request forgery - SA-CONTRIB-2025-008

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from 0.0.0 before 1.24.0.

Action-Not Available
Vendor-matomo_analytics_projectThe Drupal Association
Product-matomo_analyticsMatomo Analytics
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-40048
Matching Score-4
Assigner-Progress Software Corporation
ShareView Details
Matching Score-4
Assigner-Progress Software Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 14:51
Updated-23 Sep, 2024 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability

In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.

Action-Not Available
Vendor-Progress Software Corporation
Product-ws_ftp_serverWS_FTP Server
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
Details not found