CVE-2024-0555

MEDIUM

WIC1200 Firmware 1.1 - Cross-Site Request Forgery

Title source: llm

Description

A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200

Scores

CVSS v3 4.6

EPSS 0.0019

EPSS Percentile 8.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

xantech/wic1200_firmware 1.1

Published Jan 16, 2024

Tracked Since Feb 18, 2026