CVE-2023-22654

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*

History

30 May 2023, 22:22

Type Values Removed Values Added
CPE cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79
References (MISC) https://www.tandd.com/news/detail.html?id=780 - (MISC) https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory
References (MISC) https://jvn.jp/en/jp/JVN14778242/ - (MISC) https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory
References (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory
First Time Especmic
Tandd wdr-7
Tandd
Tandd rtr-5w
Especmic rs-12n
Especmic rs-12n Firmware
Tandd ws-2 Firmware
Especmic teu-12n Firmware
Especmic rt-12n Firmware
Tandd wdr-3 Firmware
Tandd rtr-5w Firmware
Tandd tr-72w
Tandd wdr-3
Tandd wdr-7 Firmware
Especmic teu-12n
Especmic rt-22bn
Tandd ws-2
Tandd tr-71w
Tandd tr-71w Firmware
Especmic rt-12n
Especmic rt-22bn Firmware
Tandd tr-72w Firmware

Information

Published : 2023-05-23 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-22654

Mitre link : CVE-2023-22654

CVE.ORG link : CVE-2023-22654


JSON object : View

Products Affected

tandd

  • tr-71w
  • rtr-5w_firmware
  • tr-72w
  • wdr-7_firmware
  • ws-2_firmware
  • wdr-3
  • tr-71w_firmware
  • rtr-5w
  • wdr-7
  • wdr-3_firmware
  • ws-2
  • tr-72w_firmware

especmic

  • teu-12n
  • rt-22bn_firmware
  • rt-12n
  • rs-12n
  • rs-12n_firmware
  • rt-22bn
  • teu-12n_firmware
  • rt-12n_firmware
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')