CVE-2020-29292

MEDIUM

iBall WRD12EN 1.0.0 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabling DNS settings or modifying the range for IP addresses.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.iball.co.in/

Scores

CVSS v3 6.5
EPSS 0.0037
EPSS Percentile 29.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
iball/wrd12en_firmware 1.0.0
Published Dec 30, 2021
Tracked Since Feb 18, 2026