A Cross-Site Request Forgery issue exists in Sierra Wireless AirLink Raven XE, all versions before 4.0.14, and AirLink Raven XT, all versions before 4.0.11. Affected devices do not verify if a request was intentionally sent by the logged-in user, which may allow an malicious user to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sierra_wireless airlink_raven_xe_firmware |
||
sierra_wireless airlink_raven_xt_firmware - |