Description
A vulnerability classified as problematic was found in Clavister E10 and E80 up to 14.00.10. It affects unknown processing in the Setting Handler component. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 14.00.11 addresses this issue, and upgrading the affected component is recommended. The identifier VDB-258917 was assigned to this vulnerability.
References (6)
Core References
Permissions Required, VDB Entry signature, permissions-required: https://vuldb.com/?ctiid.258917
Permissions Required, VDB Entry third-party-advisory: https://vuldb.com/?submit.303530
Various Sources exploit: https://github.com/strik3r0x1/Vulns/blob/main/CSRF_Clavister-E80,E10.md
Various Sources related: https://docs.clavister.com/repo/cos-core-release-notes/doc/index.html#d0e2260
Various Sources patch: https://my.clavister.com/downloads/?sid=1
Permissions Required, VDB Entry vdb-entry: https://vuldb.com/?id.258917
Scores
CVSS v3: 4.3
EPSS: 0.0020
EPSS Percentile: 41.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-352
Status: published
Products (22)
Clavister/E10 14.00.0
Clavister/E10 14.00.1
Clavister/E10 14.00.10
Clavister/E10 14.00.2
Clavister/E10 14.00.3
Clavister/E10 14.00.4
Clavister/E10 14.00.5
Clavister/E10 14.00.6
Clavister/E10 14.00.7
Clavister/E10 14.00.8
... and 12 more
Published: Apr 02, 2024
Tracked Since: Feb 18, 2026