CVE-2023-38945

Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://seclists.org/fulldisclosure/2024/Mar/1
http://seclists.org/fulldisclosure/2024/Mar/1

Configurations

No configuration.

History

21 Nov 2024, 08:14

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2024/Mar/1 -~~	() http://seclists.org/fulldisclosure/2024/Mar/1 -

01 Aug 2024, 13:44

Type	Values Removed	Values Added
CWE		CWE-284
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8

06 Mar 2024, 15:18

Type	Values Removed	Values Added
Summary		(es) Multilaser RE160 v5.07.51_pt_MTL01 y v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt y V12.03.01.09_pt, y Multilaser RE163V v12.03.01.08_pt permiten a los atacantes eludir el control de acceso y obtener acceso completo a la aplicación mediante el suministro una URL manipulada.

06 Mar 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-06 00:15

Updated : 2024-11-21 08:14

NVD link : CVE-2023-38945

Mitre link : CVE-2023-38945

CVE.ORG link : CVE-2023-38945

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

8.8 /10