Vulnerabilities > CVE-2024-0555 - Unspecified vulnerability in Xantech Wic1200 Firmware 1.1

CVSS 8.0 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

xantech

NVD

Published: 2024-01-16

Updated: 2024-11-21

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.

Vulnerable Configurations

Part	Description	Count
OS	Xantech Xantech Wic1200 Firmware 1.1	1
Hardware	Xantech Xantech Wic1200 -	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200