Lucene search

[email protected]CVE-2023-34834

HistoryJun 29, 2023 - 3:15 a.m.

CVE-2023-34834

2023-06-2903:15:09

[email protected]

web.nvd.nist.gov

cve-2023-34834

mcl-net

directory browsing

vulnerability

webserver

default port 5080

sensitive information

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the “/file” endpoint.

Affected configurations

NVD

Node

mcl-collectionmcl-netMatch-

AND

mcl-collectionmcl-net_firmwareMatch4.3.5.8788

CPENameOperatorVersion
mcl-collection:mcl-net_firmwaremcl-collection mcl-net firmwareeq4.3.5.8788

CPE	Name	Operator	Version
mcl-collection:mcl-net_firmware	mcl-collection mcl-net firmware	eq	4.3.5.8788

References

www.mclv4.mcl-collection.com/index.php

www.exploit-db.com/exploits/51542

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.082 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2023-34834

prion1 zdt1 packetstorm1 cvelist1 nvd1 exploitdb1