HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hidglobal omnikey_5427_firmware - |
||
hidglobal omnikey_5127_firmware - |