{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45372", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-09-10T06:57:25.565Z", "datePublished": "2024-09-26T04:06:47.174Z", "dateUpdated": "2024-09-26T13:38:09.590Z"}, "containers": {"cna": {"affected": [{"vendor": "PLANEX COMMUNICATIONS INC.", "product": "MZK-DP300N", "versions": [{"version": "firmware versions 1.04 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."}], "problemTypes": [{"descriptions": [{"description": "Cross-site request forgery (CSRF)", "lang": "en-US", "cweId": "CWE-352", "type": "CWE"}]}], "references": [{"url": "https://www.planex.co.jp/support/download/mzk-dp300n/"}, {"url": "https://jvn.jp/en/jp/JVN81966868/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-09-26T04:06:47.174Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T13:37:59.352659Z", "id": "CVE-2024-45372", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T13:38:09.590Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T13:37:59.352659Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T13:38:04.884Z"}}], "cna": {"affected": [{"vendor": "PLANEX COMMUNICATIONS INC.", "product": "MZK-DP300N", "versions": [{"status": "affected", "version": "firmware versions 1.04 and earlier"}]}], "references": [{"url": "https://www.planex.co.jp/support/download/mzk-dp300n/"}, {"url": "https://jvn.jp/en/jp/JVN81966868/"}], "descriptions": [{"lang": "en", "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-352", "description": "Cross-site request forgery (CSRF)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-09-26T04:06:47.174Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45372", "state": "PUBLISHED", "dateUpdated": "2024-09-26T13:38:09.590Z", "dateReserved": "2024-09-10T06:57:25.565Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-09-26T04:06:47.174Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:planex:mzk-dp300n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE648DB3-3244-4545-A8A4-0A2AC0D2FBFD", "versionEndIncluding": "1.04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:planex:mzk-dp300n:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C32FA46-24FC-4AD4-94F9-0A4D569D19D0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."}, {"lang": "es", "value": "Las versiones de firmware 1.04 y anteriores del MZK-DP300N contienen una vulnerabilidad de cross-site request forgery. Al visualizar una p\u00e1gina maliciosa mientras se inicia sesi\u00f3n en la p\u00e1gina de administraci\u00f3n web del producto afectado, el usuario puede realizar operaciones no deseadas, como cambiar la contrase\u00f1a de inicio de sesi\u00f3n, etc."}], "id": "CVE-2024-45372", "lastModified": "2024-10-03T00:34:04.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-26T05:15:12.100", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN81966868/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product"], "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}

{}