CVE-2023-45396

An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:elenos:etg150_firmware:3.12:*:*:*:*:*:*:*
cpe:2.3:h:elenos:etg150:-:*:*:*:*:*:*:*

History

07 Nov 2023, 04:21

Type Values Removed Values Added
References
  • {'url': 'https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md', 'name': 'https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://github.com/strik3r0x1/Vulns/blob/main/%28IDOR%29%20leads%20to%20events%20profiles%20access%20-%20Elenos.md -

18 Oct 2023, 16:48

Type Values Removed Values Added
First Time Elenos etg150
Elenos etg150 Firmware
Elenos
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-639
CPE cpe:2.3:h:elenos:etg150:-:*:*:*:*:*:*:*
cpe:2.3:o:elenos:etg150_firmware:3.12:*:*:*:*:*:*:*
References (MISC) https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md - (MISC) https://github.com/strik3r0x1/Vulns/blob/main/(IDOR)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md - Exploit, Third Party Advisory

11 Oct 2023, 14:23

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-11 14:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-45396

Mitre link : CVE-2023-45396

CVE.ORG link : CVE-2023-45396


JSON object : View

Products Affected

elenos

  • etg150_firmware
  • etg150
CWE
CWE-639

Authorization Bypass Through User-Controlled Key