9.8
CVE-2023-30762
- EPSS 0.24%
- Veröffentlicht 13.06.2023 10:15:10
- Zuletzt bearbeitet 03.01.2025 18:15:14
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginImproper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kbdevice ≫ Kb-ahr04d Firmware Version < 91110.1.101106.78
Kbdevice ≫ Kb-ahr08d Firmware Version < 91210.1.101106.78
Kbdevice ≫ Kb-ahr16d Firmware Version < 91310.1.101106.78
Kbdevice ≫ Kb-irip04a Firmware Version < 95110.1.100290.78a
Kbdevice ≫ Kb-irip08a Firmware Version < 95210.1.100290.78a
Kbdevice ≫ Kb-irip16a Firmware Version < 95310.1.100290.78a
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.476 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.