CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-36283

CVSS 9.6v3.1pub. 2021-03-24upd. 2024-11-21

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Hidglobal Omnikey 5127

    HW
    Hidglobal
    wszystkie wersje
  • Hidglobal Omnikey 5127 Firmware

    OS
    Hidglobal
    wszystkie wersje
  • Hidglobal Omnikey 5427

    HW
    Hidglobal
    wszystkie wersje
  • Hidglobal Omnikey 5427 Firmware

    OS
    Hidglobal
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2022-31483CRITICAL9.1ten sam vendor

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to u...

CVE-2022-31481CRITICAL10.0ten sam vendor

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer....

CVE-2022-31479CRITICAL9.6ten sam vendor

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell co...

CVE-2023-2904HIGH7.3ten sam vendor

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation...

CVE-2022-31482HIGH7.5ten sam vendor

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can o...