CHOCO TEI WATCHER mini Improper UI Layer Restriction Vulnerability Allowing Clickjacking
Vulnerability
A clickjacking vulnerability has been identified in CHOCO TEI WATCHER mini (IB-MCT001) all versions. This issue arises from improper restriction of rendered UI layers, allowing unintended operations to be performed on the product. The vulnerability can be exploited if a user clicks on content on a malicious web page while logged into the application.
Impact
Exploitation of this vulnerability allows for clickjacking attacks, where a user is tricked into interacting with content or controls in a way that could lead to unintended actions being performed on the product.
Remediation
Users are advised to limit the use of the product to local area networks (LAN) and to restrict access from untrusted networks and hosts. When internet access is necessary, a firewall or virtual private network (VPN) should be used to prevent unauthorized access and to minimize exposure.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.