Primary

Context

Q-Free MaxTime CORS Origin Validation Error Vulnerability

Vulnerability

A vulnerability allowing origin validation errors in the CORS configuration has been identified in Q-Free MaxTime versions through 2.11.0. This flaw allows an unauthenticated remote attacker to manipulate the device's confidentiality, integrity, or availability by sending crafted URLs or HTTP requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access or manipulation of sensitive data, potentially disrupting the device's normal operation.

Remediation

No official solution has been communicated by the vendor. As a temporary measure, it is recommended to exercise caution when opening untrusted links or visiting external websites while using a browsing session connected to the management web application of devices running Q-Free MaxTime versions through 2.11.0.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.9

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.9

exploitability

6.4

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Q-Free MaxTime CORS Origin Validation Error Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating