CVE-2023-24052

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*

cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*

History

01 Aug 2024, 13:43

Type	Values Removed	Values Added
CWE		CWE-863

04 Dec 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-04 23:15

Updated : 2024-08-01 13:43

NVD link : CVE-2023-24052

Mitre link : CVE-2023-24052

CVE.ORG link : CVE-2023-24052

JSON object : View

Products Affected

connectize

ac21000_g6
ac21000_g6_firmware

CWE

NVD-CWE-noinfo CWE-863

Incorrect Authorization

{"id": "CVE-2023-24052", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-12-04T23:15:23.410", "references": [{"url": "https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password."}, {"lang": "es", "value": "Un problema descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a, ya que no solicita la contrase\u00f1a actual."}], "lastModified": "2024-08-01T13:43:23.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:connectize:ac21000_g6:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C55398C2-DC1C-4623-8AD8-7064125604FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:connectize:ac21000_g6_firmware:641.139.1.1256:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC3408F-6CB5-4B0E-9536-D08A4DE072B3"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}