MidnightBSD

Advisories for magewell

CVE-2025-63952

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N 2.1 3.6

Products Affected

Vendor Product Version
magewell pro_convert_sdi_4k_plus_firmware 1.2.213
magewell pro_convert_sdi_plus_firmware 1.2.213
magewell pro_convert_audio_dx_firmware 1.2.213
magewell pro_convert_12g_sdi_4k_plus_firmware 1.2.213
magewell pro_convert_hdmi_tx_firmware 1.2.213
magewell pro_convert_hdmi_4k_plus_firmware 1.2.213
magewell pro_convert_hdmi_plus_firmware 1.2.213
magewell pro_convert_for_ndi_to_hdmi_firmware 1.2.213
magewell pro_convert_for_ndi_to_aio_firmware 1.2.213
magewell pro_convert_sdi_tx_firmware 1.2.213
magewell pro_convert_for_ndi_to_sdi_firmware 1.2.213
magewell pro_convert_aes67_firmware 1.2.213
magewell pro_convert_for_ndi_to_hdmi_4k_firmware 1.2.213
CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N 2.8 3.6

Products Affected

Vendor Product Version
magewell ultra_encode_sdi_plus_firmware 2.3.206
magewell ultra_encode_aio_firmware 2.3.206
magewell ultra_encode_sdi_firmware 2.3.206
magewell ultra_encode_hdmi_firmware 2.3.206
magewell ultra_encode_hdmi_plus_firmware 2.3.206