8.1
CVE-2023-7211
- EPSS 0.94%
- Veröffentlicht 07.01.2024 10:15:08
- Zuletzt bearbeitet 21.11.2024 08:45:31
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginUniway Router Administrative Web Interface reliance on ip address for authentication
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Uniwayinfo ≫ Uw-302vp Firmware Version <= 2.0
Uniwayinfo ≫ Uw-301vpw Firmware Version <= 2.0
Uniwayinfo ≫ Uw-311vpw Firmware Version <= 2.0
Uniwayinfo ≫ Uw-101x Firmware Version <= 2.0
Uniwayinfo ≫ Uw-323dac Firmware Version <= 2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.94% | 0.562 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5.6 | 2.2 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-291 Reliance on IP Address for Authentication
The product uses an IP address for authentication.
https://drive.google.com/file/d/11thSuALGcn0C_9tbmYu8_QzTXtBnCoNS/view?usp=sharing
https://vuldb.com/?ctiid.249766
https://vuldb.com/?id.249766