CVE-2023-24052

EPSS 0.09%
Veröffentlicht 04.12.2023 23:15:23
Zuletzt bearbeitet 21.11.2024 07:47:20
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Connectize ≫ Ac21000 G6 Firmware Version641.139.1.1256

Connectize ≫ Ac21000 G6 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.26

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24052

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24052

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24052

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-24052