CVE-2018-25156

Description

Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.

PUBLISHED Reserved 2025-12-24 | Published 2025-12-24 | Updated 2025-12-24 | Assigner VulnCheck

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php exploit

www.exploit-db.com/exploits/44675 (ExploitDB-44675) exploit

www.teradek.com (Teradek Official Product Homepage) product

www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php (Zero Science Lab Disclosure (ZSL-2018-5464)) third-party-advisory

cve.org (CVE-2018-25156)

nvd.nist.gov (CVE-2018-25156)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.