CVE-2015-4624
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 37%
from disclosure to weapon0 days
Published on NVDMar 31
1st PoCOct 20
metasploitAug 1
exploitation probability
37%top 2% of all CVEs
observed exploitation
nono source reports it
4 public exploit(s)
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencepacketstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.htmlunverifiedcve_referencepacketstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40609/unverifiedexploitdbwww.exploit-db.com/exploits/40609unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.htmlhttp://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.htmlhttps://www.exploit-db.com/exploits/40609/http://www.securityfocus.com/archive/1/536184/100/500/threaded