CVE-2017-5165

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
13/02/2017
Last modified:
20/04/2025

Description

An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*