Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN14778242/ | Third Party Advisory |
https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N | Vendor Advisory |
https://www.tandd.com/news/detail.html?id=780 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
30 May 2023, 17:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:tandd:tr-71w:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:ws-2:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:tr-72w:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:tr-72w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:ws-2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:especmic:rs-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:wdr-3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:especmic:rt-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:teu-12n:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:rtr-5w:-:*:*:*:*:*:*:* cpe:2.3:h:especmic:rt-12n:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:wdr-7:-:*:*:*:*:*:*:* cpe:2.3:h:tandd:wdr-3:-:*:*:*:*:*:*:* cpe:2.3:o:especmic:rt-22bn_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:rt-22bn:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:wdr-7_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:tandd:tr-71w_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:especmic:teu-12n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:especmic:rs-12n:-:*:*:*:*:*:*:* cpe:2.3:o:tandd:rtr-5w_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N - Vendor Advisory | |
References | (MISC) https://www.tandd.com/news/detail.html?id=780 - Vendor Advisory | |
References | (MISC) https://jvn.jp/en/jp/JVN14778242/ - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Tandd wdr-7
Especmic Especmic rt-22bn Especmic rs-12n Tandd tr-72w Firmware Tandd rtr-5w Firmware Especmic rt-12n Firmware Especmic teu-12n Firmware Tandd wdr-3 Tandd ws-2 Especmic rt-12n Tandd tr-72w Especmic rt-22bn Firmware Especmic teu-12n Tandd tr-71w Firmware Tandd wdr-3 Firmware Tandd wdr-7 Firmware Tandd rtr-5w Tandd ws-2 Firmware Especmic rs-12n Firmware Tandd tr-71w Tandd |
|
CWE | CWE-352 |
Information
Published : 2023-05-23 02:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-27387
Mitre link : CVE-2023-27387
CVE.ORG link : CVE-2023-27387
JSON object : View
Products Affected
tandd
- tr-71w
- rtr-5w_firmware
- tr-72w
- wdr-7_firmware
- ws-2_firmware
- wdr-3
- tr-71w_firmware
- rtr-5w
- wdr-7
- wdr-3_firmware
- ws-2
- tr-72w_firmware
especmic
- teu-12n
- rt-22bn_firmware
- rt-12n
- rs-12n
- rs-12n_firmware
- rt-22bn
- teu-12n_firmware
- rt-12n_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)