← back
CVE-2020-28218

CVE-2020-28218

EPSS 1.1%CWE-1021
In short

The Easergy T300 device allows attackers to trick users into performing unintended actions by manipulating the interface layers or frames displayed on screen. This could lead to unauthorized changes or operations on the device.

Technical detail

CWE-1021 improper UI frame restriction in Easergy T300 firmware ≤2.7 enables clickjacking or UI redressing attacks where an attacker overlays or manipulates rendered interface elements. An attacker can deceive authenticated users into initiating unintended actions without proper frame validation or origin checks.

Summary generated and translated by AI from the official description.
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T300 (firmware 2.7 and older), that would allow an attacker to trick a user into initiating an unintended action.
Affected products
n/a · Easergy T300 (firmware 2.7 and older)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-03https://www.se.com/ww/en/download/document/SEVD-2020-315-06/