VYPR
Medium severity 4.6 · NVD Advisory · Published Oct 29, 2025 · Updated Apr 15, 2026

CVE-2024-45161

Description

A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A CSRF vulnerability in Blu-Castle BCUM221E administrative web GUI allows attackers to trigger unintended actions or data exposure via crafted requests.

A cross-site request forgery (CSRF) vulnerability exists in the administrative web GUI of Blu-Castle BCUM221E firmware version 1.0.0P220507. The issue arises from a lack of CSRF token validation, enabling an attacker to force an authenticated administrator to perform unintended actions.

An attacker can exploit this by crafting a malicious URL, image load, or XMLHttpRequest that, when visited by an authenticated admin, triggers state-changing operations on the device. No authentication is required for the attacker, but the victim must be logged into the administrative interface.

Successful exploitation can lead to exposure of sensitive data or arbitrary code execution on the affected device, compromising its integrity and confidentiality. The Gruppo TIM Red Team advisory details the vulnerability and confirms the impact [1].

Users of the affected firmware should apply the latest firmware update from Blu-Castle to mitigate the risk. Until patched, restricting network access to the administrative interface and educating administrators about phishing attacks are recommended interim measures.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
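
The interim measure of restricting access to the administrative interface can be paired with request screening at a reverse proxy placed in front of the GUI, covering the three delivery routes the description names (URL, image load, XMLHttpRequest). This is an added example, not code from the advisory or from Blu-Castle; the admin origin, the `/apply.cgi` path and the function names are hypothetical.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def origin_of(url):
    """Return 'scheme://host[:port]' for a URL, or None (e.g. for 'null')."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def screen_request(method, path, headers, admin_origin, state_changing_paths):
    """Return (allowed, reason); headers is a dict with lower-case keys."""
    changes_state = (method.upper() not in SAFE_METHODS
                     or path.split("?", 1)[0] in state_changing_paths)
    site = headers.get("sec-fetch-site")
    if site == "same-origin":
        return True, "same-origin (fetch metadata)"
    if site == "none":
        # Typed URL, bookmark, or a link opened from outside the browser.
        if changes_state:
            return False, "state change from direct navigation"
        return True, "direct navigation to read-only page"
    if site in ("cross-site", "same-site"):
        if headers.get("sec-fetch-mode") == "navigate" and not changes_state:
            return True, "cross-site navigation to read-only page"
        return False, f"{site} " + headers.get("sec-fetch-dest", "request")
    # No fetch metadata: fall back to Origin, then Referer.
    source = headers.get("origin") or headers.get("referer")
    if source:
        if origin_of(source) == admin_origin:
            return True, "same-origin (Origin/Referer)"
        return False, "cross-origin source"
    if changes_state:
        return False, "state change without origin evidence"
    return True, "read-only request without origin evidence"

# Constructed sample requests; the origin and paths are hypothetical.
ADMIN = "https://192.0.2.1"
WRITES = {"/apply.cgi"}
SAMPLES = [
    ("GET", "/apply.cgi?x=1", {"sec-fetch-site": "cross-site", "sec-fetch-dest": "image"}),
    ("POST", "/apply.cgi", {"origin": "https://other.example"}),
    ("GET", "/apply.cgi?x=1", {"sec-fetch-site": "none", "sec-fetch-mode": "navigate"}),
    ("POST", "/apply.cgi", {"sec-fetch-site": "same-origin"}),
]
if __name__ == "__main__":
    for method, path, hdrs in SAMPLES:
        print(method, path, screen_request(method, path, hdrs, ADMIN, WRITES))
```

Browsers attach `Sec-Fetch-*` headers only to requests for HTTPS (potentially trustworthy) URLs, so a GUI served over plain HTTP always takes the Origin/Referer branch. Screening of this kind is a compensating control and does not replace CSRF token validation in the firmware.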

Affected products

1

Patches

0

No patches discovered yet.

References

2
