Description
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent.
References (6)
Core 6
Core References
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5708.php
Third Party Advisory exploit
https://packetstormsecurity.com/files/167487/
Exploit, Third Party Advisory third-party-advisory
https://cxsecurity.com/issue/WLB-2022060058
Third Party Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/229355
Product product
https://www.jm-data.com/
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/jm-data-onu-jf-tv-cross-site-request-forgery-csrf-vulnerability
Scores
CVSS v3
8.8
EPSS
0.0022
EPSS Percentile
12.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (3)
jm-data/onu_jf511-tv_firmware
1.0.55
jm-data/onu_jf511-tv_firmware
1.0.62
jm-data/onu_jf511-tv_firmware
1.0.67
Published
Dec 30, 2025
Tracked Since
Feb 18, 2026