CVE-2024-2741 HIGH

CVE-2024-2741: Cross-Site Request Forgery in Planet IGS-4215-16T2S

Vendor Planet

Product IGS-4215-16T2S

Weakness CWE-352 · CSRF

Published March 21, 2024

Last update August 13, 2024

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.

Key dates

02Disclosure timeline

March 21, 2024 CVE published

August 13, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-2741 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2020-37145 HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin) CVE-2025-6781 Copymatic – AI Content Writer & Generator <= 2.1 - Cross-Site Request Forgery to Settings Update CVE-2024-49272 WordPress Social Auto Poster plugin <= 5.3.15 - Cross Site Request Forgery (CSRF) vulnerability CVE-2023-2893 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_deactivate_product CVE-2022-41608 WordPress Asgaros Forum Plugin <= 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF)