CVE-2023-49259

The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/01/CVE-2023-49253/	Third Party Advisory
https://cert.pl/posts/2024/01/CVE-2023-49253/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*

History

10 Oct 2024, 16:15

Type	Values Removed	Values Added
CWE		CWE-341

18 Jan 2024, 20:33

Type	Values Removed	Values Added
First Time		Hongdian h8951-4g-esp Hongdian Hongdian h8951-4g-esp Firmware
CWE		CWE-327
CPE		cpe:2.3:o:hongdian:h8951-4g-esp_firmware:::::::: cpe:2.3:h:hongdian:h8951-4g-esp:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://cert.pl/en/posts/2024/01/CVE-2023-49253/ -~~	() https://cert.pl/en/posts/2024/01/CVE-2023-49253/ - Third Party Advisory
References	~~() https://cert.pl/posts/2024/01/CVE-2023-49253/ -~~	() https://cert.pl/posts/2024/01/CVE-2023-49253/ - Third Party Advisory

12 Jan 2024, 15:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-12 15:15

Updated : 2024-10-10 16:15

NVD link : CVE-2023-49259

Mitre link : CVE-2023-49259

CVE.ORG link : CVE-2023-49259

JSON object : View

Products Affected

hongdian

h8951-4g-esp_firmware
h8951-4g-esp

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-341

Predictable from Observable State

7.5 /10