9.8

CVE-2023-31634

EPSS 0.86%
Veröffentlicht 27.03.2024 06:15:08
Zuletzt bearbeitet 28.05.2025 18:06:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teslamate ≫ Teslamate Version < 1.27.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.86%	0.536

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/XC9409/CVE-2023-31634/blob/main/PoC

Third Party Advisory

https://github.com/adriankumpf/teslamate/releases/tag/v1.27.2

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2023-31634

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31634

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31634

EUVD