CVE-2023-27387

Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*

History

30 May 2023, 17:01

Type Values Removed Values Added
CPE cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:*
cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:*
cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:*
cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:*
References (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory
References (MISC) https://www.tandd.com/news/detail.html?id=780 - (MISC) https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory
References (MISC) https://jvn.jp/en/jp/JVN14778242/ - (MISC) https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Tandd wdr-7
Especmic
Especmic rt-22bn
Especmic rs-12n
Tandd tr-72w Firmware
Tandd rtr-5w Firmware
Especmic rt-12n Firmware
Especmic teu-12n Firmware
Tandd wdr-3
Tandd ws-2
Especmic rt-12n
Tandd tr-72w
Especmic rt-22bn Firmware
Especmic teu-12n
Tandd tr-71w Firmware
Tandd wdr-3 Firmware
Tandd wdr-7 Firmware
Tandd rtr-5w
Tandd ws-2 Firmware
Especmic rs-12n Firmware
Tandd tr-71w
Tandd
CWE CWE-352

Information

Published : 2023-05-23 02:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-27387

Mitre link : CVE-2023-27387

CVE.ORG link : CVE-2023-27387


JSON object : View

Products Affected

tandd

  • tr-71w
  • rtr-5w_firmware
  • tr-72w
  • wdr-7_firmware
  • ws-2_firmware
  • wdr-3
  • tr-71w_firmware
  • rtr-5w
  • wdr-7
  • wdr-3_firmware
  • ws-2
  • tr-72w_firmware

especmic

  • teu-12n
  • rt-22bn_firmware
  • rt-12n
  • rs-12n
  • rs-12n_firmware
  • rt-22bn
  • teu-12n_firmware
  • rt-12n_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)