CVE-2023-24838

EPSS 2.12%
Veröffentlicht 27.03.2023 04:15:09
Zuletzt bearbeitet 21.11.2024 07:48:29
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator's credential. This credential can then be used to login PowerStation or Secure Shell to achieve remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hgiga ≫ Powerstation Firmware Version < x64.6.2.165

Hgiga ≫ Powerstation Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.12%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://www.twcert.org.tw/tw/cp-132-6957-d8f67-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-24838

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-24838

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-24838

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-24838