CVE-2023-6323

Exploit

ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wyze ≫ Cam V3 Firmware Version4.36.11.5859

Wyze ≫ Cam V3 Version-

Roku ≫ Indoor Camera Se Version-

Owletcare ≫ Cam Firmware Version < 4.2.11

Owletcare ≫ Cam Version-

Owletcare ≫ Cam 2 Firmware Version < 4.2.10

Owletcare ≫ Cam 2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.23%	0.461

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-requests@bitdefender.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Third Party Advisory

Exploit

CVE Source (NVD)

CVE Source (JSON)

EUVD