Details of VAR-202409-0991

ID

VAR-202409-0991

CVE

CVE-2024-45372

TITLE

Multiple vulnerabilities in Planex network equipment

Trust: 0.8

sources: JVNDB: JVNDB-2024-000101

DESCRIPTION

MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. None

Trust: 1.62

sources: NVD: CVE-2024-45372 // JVNDB: JVNDB-2024-000101

AFFECTED PRODUCTS

vendor:	planex	model:	mzk-dp300n	scope:	lte	version:	1.04	Trust: 1.0
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr10	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr300	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr22	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	mzk-dp300n	scope:	lte	version:	firmware 1.04 and earlier (cve-2024-45372)	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr20	scope:	-	version:	-	Trust: 0.8
vendor:	プラネックスコミュニケーションズ株式会社	model:	cs-qr220	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45372

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-45372
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2024-000101
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-45372
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
IPA:	JVNDB-2024-000101
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45372

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [IPA evaluation ]	Trust: 0.8
problemtype:	Cross-site request forgery (CWE-352) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45372

PATCH

title:

Planex Communications Inc. announcement page

url:

https://www.planex.co.jp/support/download/mzk-dp300n/

Trust: 0.8

sources: JVNDB: JVNDB-2024-000101

EXTERNAL IDS

db:	JVN	id:	JVN81966868	Trust: 1.8
db:	NVD	id:	CVE-2024-45372	Trust: 1.8
db:	JVNDB	id:	JVNDB-2024-000101	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45372

REFERENCES

url:	https://jvn.jp/en/jp/jvn81966868/	Trust: 1.0
url:	https://www.planex.co.jp/support/download/mzk-dp300n/	Trust: 1.0
url:	https://jvn.jp/jp/jvn81966868/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2024-000101 // NVD: CVE-2024-45372

SOURCES

db:	JVNDB	id:	JVNDB-2024-000101
db:	NVD	id:	CVE-2024-45372

LAST UPDATE DATE

2024-10-04T02:28:39.587000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-000101	date:	2024-09-24T03:10:00
db:	NVD	id:	CVE-2024-45372	date:	2024-10-03T00:34:04.693

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-000101	date:	2024-09-24T00:00:00
db:	NVD	id:	CVE-2024-45372	date:	2024-09-26T05:15:12.100