CVE-2020-36283

HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when using the EEM driver (Ethernet Emulation Mode). By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to upload a configuration file to the device. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Configurations

Configuration 1


Information

Published : 2021-03-24 04:15

Updated : 2021-03-26 09:21


NVD link : CVE-2020-36283

Mitre link : CVE-2020-36283

Products Affected
No products.
CWE