CVE-2023-27387

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27387
Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/jp/JVN14778242/ Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N Vendor Advisory
https://www.tandd.com/news/detail.html?id=780 Vendor Advisory
https://jvn.jp/en/jp/JVN14778242/ Third Party Advisory
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N Vendor Advisory
https://www.tandd.com/news/detail.html?id=780 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:52

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory () https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory
References () https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory () https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory
References () https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory () https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory

30 May 2023, 17:01

Type Values Removed Values Added
References (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory
References (MISC) https://www.tandd.com/news/detail.html?id=780 - (MISC) https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory
References (MISC) https://jvn.jp/en/jp/JVN14778242/ - (MISC) https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Tandd wdr-7
Especmic
Especmic rt-22bn
Especmic rs-12n
Tandd tr-72w Firmware
Tandd rtr-5w Firmware
Especmic rt-12n Firmware
Especmic teu-12n Firmware
Tandd wdr-3
Tandd ws-2
Especmic rt-12n
Tandd tr-72w
Especmic rt-22bn Firmware
Especmic teu-12n
Tandd tr-71w Firmware
Tandd wdr-3 Firmware
Tandd wdr-7 Firmware
Tandd rtr-5w
Tandd ws-2 Firmware
Especmic rs-12n Firmware
Tandd tr-71w
Tandd
CWE CWE-352
CPE cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
Information

Published : 2023-05-23 02:15

Updated : 2024-11-21 07:52

NVD link : CVE-2023-27387

Mitre link : CVE-2023-27387

CVE.ORG link : CVE-2023-27387

JSON object : View

Products Affected

tandd

  • wdr-7_firmware
  • rtr-5w_firmware
  • ws-2_firmware
  • wdr-7
  • rtr-5w
  • tr-71w
  • ws-2
  • tr-71w_firmware
  • tr-72w_firmware
  • wdr-3
  • tr-72w
  • wdr-3_firmware

especmic

  • rt-12n_firmware
  • rs-12n_firmware
  • rt-22bn
  • teu-12n
  • teu-12n_firmware
  • rs-12n
  • rt-22bn_firmware
  • rt-12n
CWE
CWE-352

Cross-Site Request Forgery (CSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024