CVE-2023-41966

🗓️ 26 Oct 2023 16:21:56Reported by icscertType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

Privilege escalation vulnerability in application, HTTP POST parameter

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-41966	26 Oct 202320:15	–	circl
CNNVD	Sielco Analog FM Transmitters Security Vulnerability	26 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-41966 Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions	26 Oct 202316:21	–	cvelist
EUVD	EUVD-2023-46425	3 Oct 202520:07	–	euvd
NVD	CVE-2023-41966	26 Oct 202317:15	–	nvd
Prion	Privilege escalation	26 Oct 202317:15	–	prion
Positive Technologies	PT-2023-28196 · Sielco · Analog Fm Transmitter +12	26 Oct 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-41966 Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions	26 Oct 202316:21	–	vulnrichment
Zero Science Lab	Sielco Analog FM Transmitter 2.12 Remote Privilege Escalation	28 Mar 202300:00	–	zeroscience
Zero Science Lab	Sielco Radio Link 2.06 Remote Privilege Escalation	30 Mar 202300:00	–	zeroscience

NVD

Vulners

Node

sielco analog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gxMatch2.12

Node

sielco analog_fm_transmitter_exc120gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc120gxMatch2.12

Node

sielco analog_fm_transmitter_exc300gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc300gxMatch2.11

Node

sielco analog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1600gxMatch2.10

Node

sielco analog_fm_transmitter_exc2000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc2000gxMatch2.10

Node

sielco analog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1600gxMatch2.08

Node

sielco analog_fm_transmitter_exc1000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1000gxMatch2.08

Node

sielco analog_fm_transmitter_exc3000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc3000gxMatch2.07

Node

sielco analog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gxMatch2.06

Node

sielco analog_fm_transmitter_exc30gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc30gtMatch1.7.7

Node

sielco analog_fm_transmitter_exc300gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc300gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc100gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc100gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc5000gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc1000gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1000gtMatch1.6.3

Node

sielco analog_fm_transmitter_exc120gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc120gtMatch1.5.4

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match2.06

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match2.05

Node

sielco radio_link_exc19_firmwareMatch-

AND

sielco radio_link_exc19Match2.00

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match1.60

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match1.59

Node

sielco radio_link_exc19_firmwareMatch-

AND

sielco radio_link_exc19Match1.55

[
  {
    "defaultStatus": "unaffected",
    "product": "Analog FM transmitter",
    "vendor": "Sielco",
    "versions": [
      {
        "status": "affected",
        "version": "2.12 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "2.12 (EXC120GX)"
      },
      {
        "status": "affected",
        "version": "2.11 (EXC300GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC2000GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1000GX)"
      },
      {
        "status": "affected",
        "version": "2.07 (EXC3000GX)"
      },
      {
        "status": "affected",
        "version": "2.06 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "1.7.7 (EXC30GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC300GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC100GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC5000GT)"
      },
      {
        "status": "affected",
        "version": "1.6.3 (EXC1000GT)"
      },
      {
        "status": "affected",
        "version": "1.5.4 (EXC120GT)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Radio Link",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "2.06 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.05 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.00 (EXC19)"
      },
      {
        "status": "affected",
        "version": "1.60 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.59 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.55 (EXC19)"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
sielco	www.sielco.org/en/contacts

Parameter	Position	Path	Description	CWE
auth1	request body	/protect/users_rx.htm	Privilege escalation via POST with auth parameters to elevate permissions	CWE-269, CWE-267
auth2	request body	/protect/users_rx.htm	Privilege escalation via POST with auth parameters to elevate permissions	CWE-269, CWE-267
auth3	request body	/protect/users_rx.htm	Privilege escalation via POST with auth parameters to elevate permissions	CWE-269, CWE-267

21 Nov 2024 08:22Current

7.6High risk

Vulners AI Score7.6

CVSS 3.16.5 - 8.8

EPSS0.00057

SSVC