CSRF Token Generation Vulnerability in BINOM3 Universal Multifunctional Electric Power Quality Meter

CVE-2017-5165 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.
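
The missing control, shown as an added example (not vendor code and not part of the original advisory): a CSRF token bound to both the session and the specific sensitive function, checked before any state-changing request is honoured. The action names, key handling and token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret generated at startup
TOKEN_TTL = 900                        # assumption: token lifetime in seconds
# Hypothetical names for the state-changing functions the advisory mentions.
SENSITIVE_ACTIONS = {"set_parameter", "save_config"}


def _mac(session_id, action, ts, nonce):
    # Bind the token to one session AND one function, so it cannot be replayed elsewhere.
    msg = "\x00".join((session_id, action, ts, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Create the hidden-field value embedded in the form for `action`."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return ".".join((ts, nonce, _mac(session_id, action, ts, nonce)))


def verify_token(token, session_id, action, now=None):
    """True only for an unexpired token issued to this session for this action."""
    try:
        ts, nonce, mac = token.split(".")
        issued = int(ts)
    except (AttributeError, ValueError):
        return False                   # missing or malformed token
    current = time.time() if now is None else now
    if not 0 <= current - issued <= TOKEN_TTL:
        return False
    expected = _mac(session_id, action, ts, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_post(session_id, action, form, now=None):
    """Return the HTTP status the device should answer with."""
    if action in SENSITIVE_ACTIONS:
        if not verify_token(form.get("csrf_token"), session_id, action, now):
            return 403                 # forged cross-site request: no valid token
    return 200
```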
