HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HHidglobal Omnikey 5127
HWHidglobalwszystkie wersjeHidglobal Omnikey 5127 Firmware
OSHidglobalwszystkie wersjeHidglobal Omnikey 5427
HWHidglobalwszystkie wersjeHidglobal Omnikey 5427 Firmware
OSHidglobalwszystkie wersje
Powiązane podatności
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to u...
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer....
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell co...
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation...
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can o...