Teradek Slice Cross-Site Request Forgery Vulnerability in Version 7.3.15

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in the Teradek Slice firmware version 7.3.15. The device accepts administrative password change requests without proper request validation, which allows attackers to change administrative passwords. By crafting a malicious web page that automatically submits password change requests, an attacker can exploit this issue when a logged-in user visits the page.
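The request validation whose absence this entry describes can be sketched as follows. This is an added example, not Teradek's code or code from the original entry. It assumes a handler that can see the request method, headers, form fields and session identifier; all names (`validate_password_change`, `csrf_token`, the host `slice.example.local`) are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit


def issue_csrf_token(server_key: bytes, session_id: str) -> str:
    """Token bound to one session; the device embeds it in its own password form."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict, expected_host: str) -> bool:
    """True only if Origin (or Referer as fallback) names the device itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    # "Origin: null" parses to an empty netloc and is rejected here as well.
    return urlsplit(source).netloc.lower() == expected_host.lower()


def validate_password_change(method, headers, form, session_id, server_key, expected_host):
    """Return (allowed, reason) for a password change on an authenticated session."""
    if method.upper() != "POST":
        return False, "password change must use POST"
    if not same_origin(headers, expected_host):
        return False, "cross-origin or missing Origin/Referer"
    expected = issue_csrf_token(server_key, session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):  # constant-time comparison
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    key, host, sid = secrets.token_bytes(32), "slice.example.local", "sess-1"
    token = issue_csrf_token(key, sid)
    own_form = ({"Origin": "https://slice.example.local"}, {"csrf_token": token})
    foreign_page = ({"Origin": "https://other-site.example"}, {})
    for headers, form in (own_form, foreign_page):
        print(validate_password_change("POST", headers, form, sid, key, host))
```

A request submitted by another site carries the victim's session cookie but neither the device's own origin nor the session-bound token, so both checks reject it.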

Impact

Exploitation of this vulnerability allows for unauthorized password changes, potentially leading to unauthorized administrative access.

Reproduction

To reproduce this vulnerability, a CSRF exploit can be used. This involves creating a web page that automatically sends a password change request to the Teradek Slice device. The request must include the new password and the username (admin), and it must be triggered when a logged-in user visits the page.

Added: Dec 24, 2025, 8:37 PM
Updated: Dec 24, 2025, 9:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.