VYPR
Medium severity (CVSS 5.3, NVD Advisory) · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2018-25127

Description

SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SOCA Access Control System 180612 has a CSRF vulnerability allowing attackers to create admin accounts by tricking logged-in users.

Vulnerability

CVE-2018-25127 is a cross-site request forgery (CSRF) vulnerability in SOCA Access Control System version 180612 (also versions 170000 and 141007 according to the exploit database) [3]. The application fails to validate the origin of HTTP requests, allowing an attacker to forge requests that perform administrative actions [1].

Exploitation

An attacker can host a malicious web page that, when visited by a logged-in administrator, submits a forged POST request to the Insert_Permission.php endpoint with crafted parameters to create a new admin account [3]. The attack requires no special network position, only the social engineering needed to lure the administrator to the page.

Impact

Successful exploitation grants the attacker an administrative account, such as a user named "Imposter" with password "123456" [3]. With admin privileges, the attacker can manipulate access controls, alter permissions, and potentially unlock doors or disable security features, posing a serious physical security risk.

Mitigation

No official patch has been identified from the vendor [2]. The recommended mitigation is to implement CSRF tokens in all sensitive forms, or restrict access to the management interface via network segmentation and strong authentication. Users should update to the latest version if available.
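As an added illustration of the token-based mitigation just described (example code written for this page, not code from SOCA or the advisory; the product's handler is PHP, the same logic is shown here in Python, and the deployment origin, session layout and form field names are assumptions):

```python
"""Synchronizer-token CSRF guard for a state-changing form handler.

Added example, not the vendor's code. The deployment origin, the session
dict layout and the form field names below are assumed for illustration.
"""
import hmac
import secrets
from typing import Mapping, Optional

ALLOWED_ORIGIN = "https://acs.example.internal"  # assumed site origin


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a per-session token to embed as a hidden form field."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def verify_csrf(session: Mapping[str, str], form: Mapping[str, str],
                headers: Mapping[str, str]) -> Optional[str]:
    """Return None if the request may proceed, otherwise the rejection reason.

    Two independent checks: the browser-supplied Origin (or Referer) must be
    our own site, and the form must carry the token bound to this session,
    compared in constant time. A forged cross-site POST still sends the
    victim's session cookie, but cannot read the token or spoof Origin.
    """
    origin = headers.get("Origin") or headers.get("Referer", "")
    if origin != ALLOWED_ORIGIN and not origin.startswith(ALLOWED_ORIGIN + "/"):
        return "cross-site origin"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "missing or invalid csrf token"
    return None


def handle_insert_permission(session: Mapping[str, str], form: Mapping[str, str],
                             headers: Mapping[str, str]) -> str:
    """Guarded stand-in for an account-creation endpoint: verify before acting."""
    reason = verify_csrf(session, form, headers)
    if reason is not None:
        return f"403 rejected: {reason}"
    return f"200 created account {form['username']!r}"


if __name__ == "__main__":
    sess = {}
    tok = issue_csrf_token(sess)
    # Constructed forged request: victim's session cookie present, no token, foreign Origin.
    print(handle_insert_permission(sess, {"username": "newadmin"}, {"Origin": "https://attacker.example"}))
    print(handle_insert_permission(sess, {"username": "newadmin", "csrf_token": tok}, {"Origin": ALLOWED_ORIGIN}))
```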

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0 (no linked articles in our index yet)