Description
Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of the product may be unintentionally changed.
References (3)
Core 3
Core References
Various Sources
https://www.ntt-east.co.jp/info/detail/220903_01.html
Various Sources
https://www.ntt-west.co.jp/info/support/oshirase20250903.html
Third Party Advisory
https://jvn.jp/en/jp/JVN65839588/
Scores
CVSS v3
3.7
EPSS
0.0012
EPSS Percentile
2.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (2)
NTT EAST, Inc./Web Caster V130
1.08 and earlier
NTT WEST, Inc./Web Caster V130
1.08 and earlier
Published
Sep 03, 2025
Tracked Since
Feb 18, 2026