CVE-2023-33468

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.
References
Link Resource
http://kramerav.com Not Applicable
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 Exploit Third Party Advisory
http://kramerav.com Not Applicable
https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:kramerav:via_connect2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:05

Type Values Removed Values Added
References () http://kramerav.com - Not Applicable () http://kramerav.com - Not Applicable
References () https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 - Exploit, Third Party Advisory () https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 - Exploit, Third Party Advisory

16 Aug 2023, 18:03

Type Values Removed Values Added
First Time Kramerav via Connect2 Firmware
Kramerav via Go2
Kramerav via Go2 Firmware
Kramerav
Kramerav via Connect2
CWE CWE-863
CPE cpe:2.3:h:kramerav:via_connect2:-:*:*:*:*:*:*:*
cpe:2.3:o:kramerav:via_go2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:kramerav:via_connect2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kramerav:via_go2:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
References (MISC) http://kramerav.com - (MISC) http://kramerav.com - Not Applicable
References (MISC) https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 - (MISC) https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468 - Exploit, Third Party Advisory

09 Aug 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 20:15

Updated : 2024-11-21 08:05


NVD link : CVE-2023-33468

Mitre link : CVE-2023-33468

CVE.ORG link : CVE-2023-33468


JSON object : View

Products Affected

kramerav

  • via_connect2
  • via_connect2_firmware
  • via_go2_firmware
  • via_go2
CWE
CWE-863

Incorrect Authorization