<-- Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery Vendor: Leica Geosystems AG Product web page: https://www.leica-geosystems.com Affected version: 4.30.063 4.20.232 4.11.606 3.22.1818 3.10.1633 2.62.782 1.00.395 Summary: The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity, reliability and performance. Desc: The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Tested on: BarracudaServer.com (WindowsCE) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2019-5502 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5502.php 18.12.2018 -->