Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request.
Analysis
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request.
Technical ContextAI
Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).
RemediationAI
Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.
More in Meac300 Fnade4 Firmware
View allThe application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its
During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an
The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attemp
The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a sh
The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts wi
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject
CVE-2025-1709 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proced
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic
A remote code execution vulnerability in Secure attribute (CVSS 6.5). Remediation should follow standard vulnerability m
The VNC authentication mechanism bases on a challenge-response system where both server and client use the same password
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19874