CVE-2024-11014 MEDIUM

CVE-2024-11014

Vendor Nec Corporation
Product UNIVERGE IX
Weakness CWE-352 · CSRF
Published November 29, 2024
Last update July 24, 2025
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface.

Key dates

02Disclosure timeline

November 29, 2024 CVE published
July 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-13144 ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update CVE-2023-45656 WordPress Lazy Load for Videos Plugin <= 2.18.2 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-25467 WordPress Resize at Upload Plus Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2025-32262 WordPress RDP Wiki Embed plugin <= 1.2.20 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2022-29453 WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update