Lucene search
TwcertCVE-2023-25017HistoryMar 27, 2023 - 4:15 a.m.
CVE-2023-25017
2023-03-2704:15:10
CWE-863
twcert
web.nvd.nist.gov
21
rifartek
iot wall
vulnerability
incorrect authorization
authenticated remote attacker
sensitive data
nvd
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
40.8%
RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An authenticated remote attacker with general user privilege is allowed to perform specific privileged function to access and modify all sensitive data.
Affected configurations
Node
rifartekiot_wallMatch22
CNA Affected
[
{
"vendor": "Rifartek",
"product": "IOT Wall",
"versions": [
{
"version": "22",
"status": "affected"
}
]
}
]Related
prion
prion
Authorization
2023-03-27 04:15:00
cvelist
cvelist
CVE-2023-25017 Rifartek IOT Wall - Broken Access Control
2023-03-27 00:00:00
nvd
nvd
CVE-2023-25017
2023-03-27 04:15:10
CVSS3
8.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
40.8%
Related for CVE-2023-25017