CVE-2022-50804

8.8 HIGH

📋 TL;DR

CVE-2022-50804 is a CSRF vulnerability in JM-DATA ONU JF511-TV version 1.0.67 that allows attackers to trick authenticated administrators into unknowingly executing malicious administrative actions. This affects organizations using this specific ONU device version for network termination. Attackers can exploit this by luring authenticated users to malicious web pages.

💻 Affected Systems

Products:
  • JM-DATA ONU JF511-TV
Versions: 1.0.67
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects web management interface. Requires attacker to trick authenticated user into visiting malicious page.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device takeover allowing network configuration changes, service disruption, credential theft, and potential lateral movement into connected networks.

🟠 Likely Case

Unauthorized configuration changes leading to service disruption, DNS/network redirection, or credential harvesting from the device.

🟢 If Mitigated

Limited impact with proper CSRF protections, network segmentation, and administrative access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires social engineering to trick authenticated user. Proof-of-concept available in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.jm-data.com/

Restart Required: No

Instructions:

Check vendor website for firmware updates. If unavailable, implement workarounds and consider device replacement.

🔧 Temporary Workarounds

CSRF Token Implementation (all)

Add anti-CSRF tokens to all administrative forms

SameSite Cookie Attribute (all)

Set SameSite=Strict attribute on session cookies

🧯 If You Can't Patch

  • Segment ONU management interface to isolated VLAN with strict access controls
  • Implement web application firewall with CSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at System > Status > Version

Check Version:

curl -k https://[device-ip]/status.cgi | grep 'Firmware Version'

Verify Fix Applied:

Test administrative forms for presence of CSRF tokens and validate SameSite cookie attributes

📡 Detection & Monitoring

Log Indicators:

  • Multiple administrative actions from same session in rapid succession
  • Configuration changes from unexpected IP addresses

Network Indicators:

  • HTTP POST requests to administrative endpoints without Referer headers
  • Cross-origin requests to device management interface

SIEM Query:

source="onu_logs" AND (action="config_change" OR action="admin_action") AND referer="-"
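
The network indicators above can be checked offline against access logs. The following is an added example, not code from the vendor or the original advisory: it assumes a reverse proxy or network tap in front of the management interface writes combined-format access logs, and the device address, request paths and log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts under which the management interface is legitimately
# reached. 192.0.2.10 is a constructed documentation address.
DEVICE_HOSTS = {"192.0.2.10"}

# Combined log format: src - - [ts] "METHOD path proto" status size "referer" "ua"
LINE_RE = re.compile(
    r'(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

def classify(line):
    """Return (src, path, reason) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] not in STATE_CHANGING:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        # Indicator 1: state-changing request with no Referer header.
        return (m["src"], m["path"], "missing-referer")
    if urlsplit(referer).hostname not in DEVICE_HOSTS:
        # Indicator 2: request initiated from a page on another origin.
        return (m["src"], m["path"], "cross-origin-referer")
    return None

def scan(log_text):
    """Classify every line and keep only the flagged requests."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample log lines (paths under /example/ are hypothetical).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /status.cgi HTTP/1.1" 200 512 "https://192.0.2.10/" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /example/save.cgi HTTP/1.1" 200 64 "https://192.0.2.10/example/form.html" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "POST /example/save.cgi HTTP/1.1" 200 64 "https://unrelated.example/page.html" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:02:12 +0000] "POST /example/save.cgi HTTP/1.1" 200 64 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for src, path, reason in scan(SAMPLE_LOG):
        print(f"{reason}: {src} -> {path}")
```

A missing Referer can also come from a browser referrer policy or a privacy proxy, so treat `missing-referer` hits as triage leads and correlate them with the configuration-change log indicators listed above.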
