Lucene search

[email protected]CVE-2023-24047

HistoryDec 04, 2023 - 11:15 p.m.

CVE-2023-24047

2023-12-0423:15:23

CWE-522

[email protected]

web.nvd.nist.gov

cve-2023

insecure credential management

connectize ac21000

weak hashing algorithm

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm.

Affected configurations

NVD

Node

connectizeac21000_g6Match-

AND

connectizeac21000_g6_firmwareMatch641.139.1.1256

CPENameOperatorVersion
connectize:ac21000_g6_firmwareconnectize ac21000 g6 firmwareeq641.139.1.1256

CPE	Name	Operator	Version
connectize:ac21000_g6_firmware	connectize ac21000 g6 firmware	eq	641.139.1.1256

References

research.nccgroup.com/2023/10/19/technical-advisory-multiple-vulnerabilities-in-connectize-g6-ac2100-dual-band-gigabit-wifi-router-cve-2023-24046-cve-2023-24047-cve-2023-24048-cve-2023-24049-cve-2023-24050-cve-2023-24051-cve/

6.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-24047

cvelist1 prion1 nvd1