CVE-2023-49255

EPSS 0.08%
Veröffentlicht 12.01.2024 15:15:09
Zuletzt bearbeitet 03.06.2025 14:15:31
Quelle cvd@cert.pl
CVE-Watchlists
Login
Unerledigt
Login

The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hongdian ≫ H8951-4g-esp Firmware Version < 2310271149

Hongdian ≫ H8951-4g-esp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://cert.pl/en/posts/2024/01/CVE-2023-49253/

Third Party Advisory

https://cert.pl/posts/2024/01/CVE-2023-49253/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49255

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-49255