CVE-2019-25252

EUVD-2025-205295
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VulnCheckCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
teradekvidiu_pro_firmware
2.4.10
teradekvidiu_pro_firmware
3.0.2:build31225
teradekvidiu_pro_firmware
3.0.3:build32136
teradekvidiu_firmware
2.4.10
teradekvidiu_firmware
3.0.2:build31225
teradekvidiu_firmware
3.0.3:build32136
teradekvidiu_mini_firmware
2.4.10
teradekvidiu_mini_firmware
3.0.2:build31225
teradekvidiu_mini_firmware
3.0.3:build32136
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.exploit-db.com/exploits/44671
https://www.teradek.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5460.php