First published: Tue Jan 17 2023
Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to hijack the user authentication and perform operations the user did not intend by having the user view a malicious page while logged in.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Ate-mahoroba Maho-pbx Netdevancer Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer | | |
Ate-mahoroba Maho-pbx Netdevancer Vsg Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Vsg | | |
Ate-mahoroba Maho-pbx Netdevancer Mobilegate Firmware | <1.11.00 | |
Ate-mahoroba Maho-pbx Netdevancer Mobilegate | | |
The CVE ID of this vulnerability is CVE-2023-22286.
CVE-2023-22286 has a severity rating of 8.1 (high).
The affected software of CVE-2023-22286 includes MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00.
CVE-2023-22286 has a CWE ID of 352.
To fix the CSRF vulnerability in MAHO-PBX NetDevancer, update to Ver.1.11.00 or later.