CVE-2023-45317
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
26/10/2023
Last modified:
07/11/2023
Description
<br />
The application interface allows users to perform certain actions via <br />
HTTP requests without performing any validity checks to verify the <br />
requests. This can be exploited to perform certain actions with <br />
administrative privileges if a logged-in user visits a malicious web <br />
site.<br />
<br />
<br />
<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sielco:analog_fm_transmitter_exc5000gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc5000gx:2.12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc120gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc120gx:2.12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc300gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc300gx:2.11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc2000gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc2000gx:2.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc1600gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc1600gx:2.08:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc1000gx_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sielco:analog_fm_transmitter_exc1000gx:2.08:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sielco:analog_fm_transmitter_exc3000gx_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page