CVE-2022-41489

high

Description

WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usb_upload.htm.

References

https://github.com/splashsc/IOT_Vulnerability_Discovery/blob/main/wayos/wayos_LQ-09%2022_enterprise-class/3_csrf.md

Details

Source: Mitre, NVD

Published: 2022-10-13

Updated: 2025-05-15

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H