CVE-2018-25156
CSRF Vulnerability in Teradek Cube 7.3.6 Enables Admin Password Change
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teradek | cube | 7.3.6 |
| lighttpd | lighttpd | 1.4.31 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25156 is a Cross-Site Request Forgery (CSRF) vulnerability in Teradek Cube firmware version 7.3.6. It allows attackers to change the administrative password without proper validation of the request. An attacker can trick a logged-in user into visiting a malicious website that submits hidden forms to the device's web interface, causing it to execute unauthorized password changes without the user's consent. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized administrative access to the Teradek Cube device by allowing attackers to change the administrator password remotely. This compromises the security of the device, potentially allowing attackers to control the device, disrupt video encoding/decoding operations, and access sensitive network resources connected to the device. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the device's internal CGI endpoint, such as /cgi-bin/system.cgi, especially those attempting to change administrative passwords without proper validation. Network traffic analysis tools can be used to inspect for suspicious POST requests with parameters related to password changes. Since the device lacks CSRF protections, look for unexpected or unauthorized POST requests originating from user browsers or external sources targeting the device's web interface. Specific commands are not provided in the resources, but using tools like tcpdump or Wireshark to filter HTTP POST requests to /cgi-bin/system.cgi could help detect exploitation attempts. [2]
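The answer above suggests watching for POST requests to /cgi-bin/system.cgi that do not come from the device's own web interface. The script below is an added example (not from the advisory, the vendor or any tool it names) that applies the standard CWE-352 check to access-log lines: a POST to the endpoint whose Origin header (or, failing that, Referer) names a host other than the device is flagged as cross-site, and one carrying neither header is flagged as unverifiable. The log format, the device address 192.0.2.10 and every sample line are constructed for the example; the page does not say which fields the Cube's lighttpd logs, so a real deployment would need logging of Origin and Referer enabled first.

```python
"""Flag HTTP POSTs to the Teradek Cube CGI endpoint whose source does not match
the device host (the cross-site pattern behind CWE-352).
Added example; the log format and every sample line are constructed."""
import re
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

DEVICE_HOST = "192.0.2.10"          # constructed management address of the Cube
ENDPOINT = "/cgi-bin/system.cgi"    # endpoint named in the advisory text

# Constructed lines in an assumed extended-log shape:
# client method path host=... referer=... origin=...   ("-" means header absent)
SAMPLE_LOG = """\
192.0.2.55 POST /cgi-bin/system.cgi host=192.0.2.10 referer=http://192.0.2.10/admin.html origin=http://192.0.2.10
192.0.2.55 POST /cgi-bin/system.cgi host=192.0.2.10 referer=http://attacker.example/page.html origin=http://attacker.example
192.0.2.55 POST /cgi-bin/system.cgi host=192.0.2.10 referer=- origin=-
192.0.2.55 GET /cgi-bin/system.cgi host=192.0.2.10 referer=http://attacker.example/ origin=-
192.0.2.56 POST /cgi-bin/other.cgi host=192.0.2.10 referer=http://attacker.example/ origin=http://attacker.example
"""

LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<method>\S+) (?P<path>\S+) host=(?P<host>\S+) "
    r"referer=(?P<referer>\S+) origin=(?P<origin>\S+)$"
)


class Request(NamedTuple):
    client: str
    method: str
    path: str
    host: str
    referer: str
    origin: str


def parse_line(line: str) -> Optional[Request]:
    """Return a Request for a well-formed line, None for anything else."""
    m = LINE_RE.match(line.strip())
    return Request(**m.groupdict()) if m else None


def _host_of(url: str) -> Optional[str]:
    if url in ("-", ""):
        return None
    return urlsplit(url).hostname


def source_host(req: Request) -> Optional[str]:
    """Browsers send Origin on cross-site POSTs; fall back to Referer if absent."""
    return _host_of(req.origin) or _host_of(req.referer)


def classify(req: Request) -> Optional[str]:
    """'cross-site' / 'no-origin' for a suspicious POST to the endpoint, else None."""
    if req.method != "POST" or req.path.split("?", 1)[0] != ENDPOINT:
        return None
    src = source_host(req)
    if src is None:
        return "no-origin"      # cannot be verified: lower-confidence signal
    if src != DEVICE_HOST:
        return "cross-site"     # request submitted from a foreign page
    return None


def scan(log_text: str) -> list[tuple[str, str, Optional[str]]]:
    """Return (client, verdict, source host) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        req = parse_line(line)
        if req is None:
            continue
        verdict = classify(req)
        if verdict:
            findings.append((req.client, verdict, source_host(req)))
    return findings


if __name__ == "__main__":
    for client, verdict, src in scan(SAMPLE_LOG):
        print(f"{client}: {verdict} POST to {ENDPOINT} (source host: {src})")
```

On the sample data only the second and third lines are reported: the first is a same-site POST, the fourth is a GET and the fifth targets a different CGI. Treat "no-origin" as a weaker indicator than "cross-site", since privacy settings and proxies can strip both headers from legitimate traffic; the same logic carries over to a Wireshark or tcpdump capture filtered on POSTs to the endpoint, with the headers read from the request itself.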
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the Teradek Cube's web interface to trusted networks or users only, disabling remote web administration if possible, and educating users to avoid visiting untrusted or malicious websites while logged into the device. Since the vulnerability arises from lack of CSRF protections, applying any available firmware updates or patches from the vendor is recommended if available. If no patch exists, network-level controls such as firewall rules to limit access to the device's management interface can reduce risk. [1, 2]