The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| etlsystems | d0104s1ula-22450_firmware | 1.8 |
| etlsystems | d0116s1ula-22414_firmware | 1.8 |
| etlsystems | c0801s1ula-22457_firmware | 1.8 |
| etlsystems | c0401s1ula-22455_firmware | 1.8 |
| etlsystems | d0104d1ula-22411_firmware | 1.8 |
| etlsystems | c1601s1ula-22422_firmware | 1.8 |
| etlsystems | d0108d1uia-22473_firmware | 1.8 |
| etlsystems | c0401d1ula-22456_firmware | 1.8 |
| etlsystems | d0104s1ula-22410_firmware | 1.8 |
| etlsystems | h0108d1ula-22431_firmware | 1.8 |
| etlsystems | d0108d1ula-22413_firmware | 1.8 |
| etlsystems | d0108s1ula-22412_firmware | 1.8 |
| etlsystems | d0108d1ula-22453_firmware | 1.8 |
| etlsystems | c0801d1ula-22458_firmware | 1.8 |
| etlsystems | d0104d1ula-22451_firmware | 1.8 |
| etlsystems | c0401d1uia-22476_firmware | 1.8 |
| etlsystems | c0801s1ula-22420_firmware | 1.8 |
| etlsystems | d0116s1uia-22474_firmware | 1.8 |
| etlsystems | c0401s1ula-22418_firmware | 1.8 |
| etlsystems | c0401d1ula-22419_firmware | 1.8 |
| etlsystems | c1601s1uia-22479_firmware | 1.8 |
| etlsystems | d0116s1ula-22454_firmware | 1.8 |
| etlsystems | h0104d1ula-22460_firmware | 1.8 |
| etlsystems | c0801d1ula-22421_firmware | 1.8 |
| etlsystems | c1601s1ula-22459_firmware | 1.8 |
| etlsystems | d0108s1ula-22452_firmware | 1.8 |
| etlsystems | h0108d1ula-22461_firmware | 1.8 |