During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.   This issue affects MegaBIP software versions below 5.15
History

Fri, 10 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 10 Jan 2025 18:00:00 +0000

Type Values Removed Values Added
Description During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms.  Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.   This issue affects MegaBIP software versions below 5.15
Title CSRF in MegaBIP
Weaknesses CWE-538
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2025-01-10T17:51:32.583Z

Updated: 2025-01-10T18:12:46.647Z

Reserved: 2024-07-18T11:50:05.563Z

Link: CVE-2024-6880

cve-icon Vulnrichment

Updated: 2025-01-10T18:12:42.548Z

cve-icon NVD

Status : Received

Published: 2025-01-10T18:15:26.350

Modified: 2025-01-10T18:15:26.350

Link: CVE-2024-6880

cve-icon Redhat

No data.