CVE-2019-3410 MEDIUM

CVE-2019-3410

Vendor Zte
Product ZTE WF820+ LTE Outdoor CPE
Published June 11, 2019
Last update August 4, 2024

CVSS base score

4.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client.

Key dates

02Disclosure timeline

June 11, 2019 CVE published
August 4, 2024 Record updated