5.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): LOW
- Availability impact (A): NONE
Teradek Cube 7.3.6 Cross-Site Request Forgery Password Change
Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.
References
- Teradek Official Product Homepage product
- Zero Science Lab Disclosure (ZSL-2018-5464) third-party-advisory
- ExploitDB-44675 exploit
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php exploit
- Teradek Official Product Homepage product
- Zero Science Lab Disclosure (ZSL-2018-5464) third-party-advisory
- ExploitDB-44675 exploit
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php exploit
Affected products
- ==7.3.6
- ==7.3.15
Matching in nixpkgs
pkgs.cubeb
Cross platform audio library
-
nixos-unstable 0-unstable-2025-09-17
- nixpkgs-unstable 0-unstable-2025-09-17
- nixos-unstable-small 0-unstable-2025-09-17
pkgs.kmscube
Example OpenGL app using KMS/GBM
-
nixos-unstable 2023-09-25
- nixpkgs-unstable 2023-09-25
- nixos-unstable-small 2023-09-25
pkgs.pascube
Simple OpenGL spinning cube written in Pascal
pkgs.musikcube
Terminal-based music player, library, and streaming audio server
pkgs.roundcube
Open Source Webmail Software
pkgs.classicube
Lightweight, custom Minecraft Classic/ClassiCube client with optional additions written from scratch in C
pkgs.assaultcube
Fast and fun first-person-shooter based on the Cube fps
pkgs.stm32cubemx
A graphical tool for configuring STM32 microcontrollers and microprocessors
pkgs.gamecube-tools
Tools for gamecube/wii projects
pkgs.hyperspeedcube
Hyperspeedcube is a 3D and 4D Rubik's cube simulator
pkgs.dockapps.wmcube
System monitor for Windowmaker
-
nixos-unstable 2023-10-11
- nixpkgs-unstable 2023-10-11
- nixos-unstable-small 2023-10-11
pkgs.idrisPackages.cube
Implementation of the Lambda Cube in Idris
-
nixos-unstable 2017-07-05
- nixpkgs-unstable 2017-07-05
- nixos-unstable-small 2017-07-05
pkgs.spacenav-cube-example
Example application to test the spacenavd driver
pkgs.kdePackages.kjumpingcube
KJumpingCube is a simple tactical game
pkgs.roundcubePlugins.carddav
None
pkgs.gnomeExtensions.desktop-cube
Indulge in nostalgia with useless 3D effects.
pkgs.phpExtensions.ioncube-loader
Use ionCube-encoded files on a web server
pkgs.python312Packages.complycube
Official Python client for the ComplyCube API
pkgs.python313Packages.complycube
Official Python client for the ComplyCube API
pkgs.roundcubePlugins.custom_from
None
pkgs.haskellPackages.resistor-cube
Compute total resistance of a cube of resistors
pkgs.python312Packages.maxcube-api
eQ-3/ELV MAX! Cube Python API
pkgs.python313Packages.maxcube-api
eQ-3/ELV MAX! Cube Python API
pkgs.haskellPackages.marching-cubes
Marching Cubes
pkgs.php81Extensions.ioncube-loader
Use ionCube-encoded files on a web server
pkgs.php82Extensions.ioncube-loader
Use ionCube-encoded files on a web server
pkgs.php83Extensions.ioncube-loader
Use ionCube-encoded files on a web server
pkgs.php84Extensions.ioncube-loader
Use ionCube-encoded files on a web server
pkgs.haskellPackages.marching-cubes2
Marching Cubes
-
nixos-unstable cubes2-0.1.0.0
- nixpkgs-unstable cubes2-0.1.0.0
- nixos-unstable-small cubes2-0.1.0.0
pkgs.python312Packages.spectral-cube
Library for reading and analyzing astrophysical spectral data cubes
pkgs.python313Packages.spectral-cube
Library for reading and analyzing astrophysical spectral data cubes
pkgs.roundcubePlugins.persistent_login
None
pkgs.roundcubePlugins.thunderbird_labels
None
pkgs.home-assistant-component-tests.maxcube
Open source home automation that puts local control and privacy first
Package maintainers
-
@DarkOnion0 Alexandre Peruggia <darkgenius1@protonmail.com>
-
@360ied Brian Zhu <therealbarryplayer@gmail.com>
-
@marcin-serwin Marcin Serwin <marcin@serwin.dev>
-
@zhaofengli Zhaofeng Li <hello@zhaofeng.li>
-
@TomSmeets Tom Smeets <tom.tsmeets@gmail.com>
-
@honnip Jung seungwoo <me@honnip.page>
-
@thielema Henning Thielemann <nix@henning-thielemann.de>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
-
@OmnipotentEntity Michael Reilly <omnipotententity@gmail.com>
-
@brainrake Marton Boros <martonboros@gmail.com>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@K900 Ilya K. <me@0upti.me>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@dezgeg Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
-
@Guanran928 Guanran Wang <guanran928@outlook.com>
-
@afh Alexis Hildebrandt <surryhill+nix@gmail.com>
-
@aanderse Aaron Andersen <aaron@fosslib.net>
-
@NeverBehave Xinhao Luo <i@never.pet>
-
@DerDennisOP Dennis <dennish@wuitz.de>
-
@smaret Sébastien Maret <sebastien.maret@icloud.com>
-
@globin Robin Gloster <mail@glob.in>
-
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
-
@Vskilet Victor SENE <victor@sene.ovh>
-
@Sohalt sohalt <nixos@sohalt.net>
-
@angaz Angus Dippenaar
-
@wucke13 Wucke <wucke13@gmail.com>
-
@RoGreat RoGreat <roguegreat@gmail.com>