Ecessa Edge EV150 Cross-Site Request Forgery Vulnerability Allowing Unauthorized Administrative Account Creation
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in Ecessa Edge EV150 version 10.7.4. This vulnerability allows attackers to create administrative user accounts without authentication. By crafting a malicious web page that submits requests to the '/cgi-bin/pl_web.cgi/util_configlogin_act' endpoint, attackers can add superuser accounts with arbitrary credentials.
Impact
Exploitation of this vulnerability allows an attacker to create unauthorized administrative accounts on the device, which in turn grants persistent administrative access to the affected system.
Reproduction
To reproduce this vulnerability, a malicious web page must be created that includes a form. This form should be set to submit to the '/cgi-bin/pl_web.cgi/util_configlogin_act' endpoint via POST. The form must include specific hidden input fields that specify the usernames, passwords, and superuser status for the accounts to be created. Once the form is submitted, the targeted Ecessa Edge device will process the request and create the specified user accounts with administrative privileges.
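As an added illustration from the defender's side (not code from the advisory or the vendor), the Python guard below shows the same-origin and synchronizer-token checks that would reject a forged cross-site post to the endpoint named above; the header handling and the `csrf_token` form-field name are assumptions about how such a fix would be wired in.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# State-changing endpoint named in the advisory; the guard applies only to POSTs to it.
PROTECTED_PATH = "/cgi-bin/pl_web.cgi/util_configlogin_act"


def new_csrf_token() -> str:
    """Per-session synchronizer token to embed as a hidden field in the legitimate form."""
    return secrets.token_urlsafe(32)


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """Header names are case-insensitive; canonicalize them before lookup."""
    return {name.title(): value for name, value in headers.items()}


def _source_host(headers: Dict[str, str]) -> Optional[str]:
    """Host the browser says the request came from (Origin preferred, Referer fallback)."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower()
    return None


def is_csrf_safe(method: str, path: str, headers: Dict[str, str],
                 form: Dict[str, str], session_token: str) -> bool:
    """Accept the request only if it is provably same-origin and carries the session's token.

    Failing closed on a missing Origin/Referer is deliberate: a forged cross-site
    form post may arrive with neither header, and failing open recreates the bug.
    """
    if method.upper() != "POST" or path != PROTECTED_PATH:
        return True  # other requests are not guarded by this check
    hdrs = _normalize(headers)
    device_host = hdrs.get("Host", "").lower()
    if not device_host or _source_host(hdrs) != device_host:
        return False
    # Modern browsers send Sec-Fetch-Site; when present it must not report cross-site.
    if hdrs.get("Sec-Fetch-Site", "same-origin") == "cross-site":
        return False
    # Constant-time comparison of the submitted token against the session's token.
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted, session_token)
```

Only the combination of an origin check and a per-session token closes the gap: the origin check alone is defeated when a browser sends neither header, and the token alone is defeated if it is predictable.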
