Teradek VidiU Pro Cross-Site Request Forgery Vulnerability Allowing Password Change

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Teradek VidiU Pro firmware version 3.0.3; versions 3.0.2 and 2.4.10 are affected as well. The device's password-change request is accepted without any anti-CSRF validation (no per-request token and no Origin/Referer check), so the only thing protecting it is the administrator's browser-held session. An attacker who gets a logged-in administrator to load a malicious web page can have that page automatically submit a password-change request to the device from the administrator's browser; the browser attaches the administrator's credentials and the device processes the change as if the administrator had requested it.

Impact

Successful exploitation lets the attacker set the administrative password to a value of their choosing, which locks out the legitimate administrator and gives the attacker administrative access to the device. Exploitation requires an administrator with an active session on the device to visit the attacker's page; no direct network access to the device from the attacker is needed beyond the administrator's browser being able to reach it.

Reproduction

To reproduce this vulnerability, a logged-in administrator must be tricked into visiting a malicious web page that automatically submits a password-change request to the Teradek VidiU Pro device from the administrator's browser (for example, a hidden HTML form that is submitted by script on page load). The request must include the new password, the password confirmation, and the username of the administrator, which the attacker must know or guess. Because the device does not tie the request to a token it issued or check where the request came from, it accepts the forged submission.

Added: Dec 24, 2025, 8:24 PM
Updated: Dec 24, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.