CVE-2025-59479
In short
The CHOCO TEI WATCHER mini device can be tricked into performing unwanted actions if you click on content from a malicious website while logged in. This happens because the device doesn't properly protect its interface from being controlled by external pages.
Technical detail
The device suffers from improper restriction of rendered UI layers or frames (CWE-1021), which enables clickjacking (UI redress) attacks. An attacker can craft a malicious webpage that, when an authenticated user clicks on its content, causes unintended operations to be performed on the device without the user's explicit consent on the target interface.
Summary generated and translated by AI from the official description.
CHOCO TEI WATCHER mini (IB-MCT001) contains an issue with improper restriction of rendered UI layers or frames. If a user clicks on content on a malicious web page while logged into the product, unintended operations may be performed on the product.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
Inaba Denki Sangyo Co., Ltd. · CHOCO TEI WATCHER mini (IB-MCT001)