The API on Winston 1.5.4 devices is vulnerable to CSRF.
References
Link | Resource |
---|---|
https://winstonprivacy.com/ | Product |
https://labs.bishopfox.com/advisories/winston-privacy-version-1.5.4 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-10-28 11:15
Updated : 2020-11-03 11:41
NVD link : CVE-2020-16256
Mitre link : CVE-2020-16256
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
winstonprivacy
- winston
- winston_firmware