Lucene search

K
cveIcscertCVE-2023-22315
HistoryJan 30, 2023 - 10:15 p.m.

CVE-2023-22315

2023-01-3022:15:12
CWE-345
icscert
web.nvd.nist.gov
30
cve-2023-22315
snap one
wattbox
lan protocol
vulnerability
nvd

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

11.0%

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code.

Affected configurations

Nvd
Node
snapavwattbox_wb-300-ip-3_firmwareRangewb10.9a17
AND
snapavwattbox_wb-300-ip-3Match-
VendorProductVersionCPE
snapavwattbox_wb-300-ip-3_firmware*cpe:2.3:o:snapav:wattbox_wb-300-ip-3_firmware:*:*:*:*:*:*:*:*
snapavwattbox_wb-300-ip-3-cpe:2.3:h:snapav:wattbox_wb-300-ip-3:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wattbox WB-300-IP-3",
    "vendor": "Snap One",
    "versions": [
      {
        "lessThanOrEqual": "WB10.9a17",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0

Percentile

11.0%

Related for CVE-2023-22315