Lucene search

MitreCVE-2023-29709

HistoryJun 22, 2023 - 11:15 a.m.

CVE-2023-29709

2023-06-2211:15:09

mitre

web.nvd.nist.gov

cve-2023-29709

wildix

wsg24poe

authentication bypass

cgi

nvd

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.7%

JSON

An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.

Affected configurations

Nvd

Node

wildixwsg24poe_firmwareMatch103sp7d190822

AND

wildixwsg24poeMatch-

VendorProductVersionCPE
wildixwsg24poe_firmware103sp7d190822cpe:2.3:o:wildix:wsg24poe_firmware:103sp7d190822:*:*:*:*:*:*:*
wildixwsg24poe-cpe:2.3:h:wildix:wsg24poe:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wildix	wsg24poe_firmware	103sp7d190822	cpe:2.3:o:wildix:wsg24poe_firmware:103sp7d190822:::::::*
wildix	wsg24poe	-	cpe:2.3:h:wildix:wsg24poe:-:::::::*

References

github.com/shellpei/Wildix-Logical/blob/main/CVE-2023-29709

holistic-height-e6d.notion.site/Wildix-WSG24POE-Logical-vulnerability-7780c24cc25b40dd9d2830f7b21f04a3

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

35.7%

JSON

Related for CVE-2023-29709