CVE-2022-34020 The ResIOT IOT Platform and LoRaWAN Network Server has a CSRF vulnerability that can be used to add new admin users. This vulnerability could also have other impacts.

This vulnerability allows remote attackers to add new admin users to the platform, or to cause other unspecified impacts, by sending a CSRF request to the application. The security risk of the CSRF vulnerability in the IOT Platform + LoRaWAN Network Server application is estimated as medium/high. A remote attacker can exploit it by sending a CSRF request to version 4.1.1000114 of the application. The default installation does not protect against this type of attack: the application accepts cross-site requests, which makes it easier for a remote attacker to exploit. The probability of a target of a CSRF attack being affected is medium. However, the possible command injection and open redirect vulnerabilities make the attack vector easier for attackers to exploit. In addition, the application allows unauthenticated remote attackers to execute code, resulting in the exposure of sensitive information or the installation of malware. REFERENCE: CVE-2018-8776

IOT Platform + LoRaWAN Network Server

The IOT Platform + LoRaWAN Network Server application has a CSRF vulnerability. This is because the application accepts unsolicited requests and does not prevent CSRF attacks. The security risk of this vulnerability is medium/high. The possible impacts are: adding new admin users, changing an existing user's password, or other unspecified impacts.
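To make concrete what "accepts unsolicited requests" means, the following added example (not ResIOT's code; the endpoint, trusted origin and data structures are hypothetical) shows an admin-creation handler in the form the advisory describes, beside a hardened form that rejects cross-site requests by checking the browser-supplied Origin/Referer and a per-session synchronizer token:

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the platform's admin UI (hypothetical value for this example).
TRUSTED_ORIGIN = "https://lns.example.internal"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as seen by the server."""
    method: str
    headers: dict
    form: dict


@dataclass
class Session:
    """Server-side session bound to the browser's session cookie."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def is_cross_site(req: Request) -> bool:
    """True if the Origin (or Referer fallback) is absent or not the admin UI."""
    source = req.headers.get("Origin") or req.headers.get("Referer", "")
    return source != TRUSTED_ORIGIN and not source.startswith(TRUSTED_ORIGIN + "/")


def csrf_token_valid(req: Request, session: Session) -> bool:
    """Constant-time comparison of the submitted token with the session's token."""
    return hmac.compare_digest(req.form.get("csrf_token", ""), session.csrf_token)


def add_admin_vulnerable(req: Request, session: Session, users: list) -> bool:
    """Failure mode described in the advisory: the session cookie alone authorises
    the change, so a request forged by any page the admin visits is accepted."""
    if session.user != "admin":
        return False
    users.append(req.form["username"])
    return True


def add_admin_hardened(req: Request, session: Session, users: list) -> bool:
    """Require POST, a same-origin request and a matching synchronizer token."""
    if req.method != "POST" or session.user != "admin":
        return False
    if is_cross_site(req) or not csrf_token_valid(req, session):
        return False
    users.append(req.form["username"])
    return True
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second, browser-enforced layer, but the server-side checks above remain the authoritative control.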

Product stability

The product is prone to many security vulnerabilities. The application is vulnerable to CSRF, which makes it possible for remote attackers to perform attacks: it does not prevent CSRF attacks, so attackers can exploit it by sending a CSRF request. The probability of a target of a CSRF attack being affected is medium. However, the possible command injection and open redirect vulnerabilities make the attack vector easier for attackers to exploit. In addition, the application allows unauthenticated remote attackers to execute code, resulting in the exposure of sensitive information or the installation of malware.

Summary

The vulnerability allows remote attackers to add new admin users to the platform or cause other unspecified impacts.
The IOT Platform + LoRaWAN Network Server application is exposed to CSRF, which makes it possible for remote attackers to perform attacks.

The IOT Platform + LoRaWAN Network Server application has several vulnerabilities. One of them is a CSRF vulnerability that allows remote attackers to add new admin users to the platform, or to cause other unspecified impacts, by sending a CSRF request to the application. This vulnerability is rated medium/high.

Another weakness found in this product is its failure to prevent CSRF attacks, which allows attackers to exploit it by sending a CSRF request. The probability of a target being affected by this attack vector is medium. However, the possible command injection and open redirect vulnerabilities make the attack vector easier for attackers to exploit. In addition, the application allows unauthenticated remote attackers to execute code, resulting in the exposure of sensitive information or the installation of malware.

Timeline

Published on: 10/13/2022 01:15:00 UTC
Last modified on: 11/04/2022 19:38:00 UTC

References