CVE-2018-25151 MEDIUM

CVE-2018-25151: Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration

Vendor Ecessa Corporation

Product WANWorx WVR-30

Weakness CWE-352 · CSRF

Published December 24, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-25151 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

Identifiers

CVE CVE-2018-25151

CWE CWE-352

CVSS 5.1 / MEDIUM

Affected versions

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected < 10.7.4

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 10.7.4

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 10.6.9

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 10.6.5.2

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 10.5.4

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 10.2.24

Vendor Ecessa Corporation

Product WANWorx WVR-30

Affected 9.2.24

CVE-2018-25151: Ecessa WANWorx WVR-30 < 10.7.4 Cross-Site Request Forgery via User Configuration

01Description

02Disclosure timeline

03References

04Related CVE