Description
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
Exploits (1)
exploitdb
WORKING POC
by Hubert Gradek · textwebappshardware
https://www.exploit-db.com/exploits/28562
References (1)
Core 1
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/28562/
Scores
EPSS
0.0029
EPSS Percentile
52.6%
Details
CWE
CWE-352
Status
published
Products (1)
hp/2620-24-poe\+_switch
Published
Nov 22, 2013
Tracked Since
Feb 18, 2026