CVE-2023-45228

🗓️ 26 Oct 2023 16:19:41Reported by icscertType

cve🔗 web.nvd.nist.gov👁 53 Views🌐 WEB

The app has improper access control allowing user manipulation via a single HTTP POST request

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2023-45228	26 Oct 202320:16	–	circl
CNNVD	Sielco Analog FM Transmitters Security Vulnerability	26 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-45228 Sielco Radio Link and Analog FM Transmitters Improper Access Control	26 Oct 202316:19	–	cvelist
EUVD	EUVD-2023-49534	3 Oct 202520:07	–	euvd
NVD	CVE-2023-45228	26 Oct 202317:15	–	nvd
Prion	Improper access control	26 Oct 202317:15	–	prion
Positive Technologies	PT-2023-29464 · Sielco · Analog Fm Transmitter +12	26 Oct 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-45228 Sielco Radio Link and Analog FM Transmitters Improper Access Control	26 Oct 202316:19	–	vulnrichment
Zero Science Lab	Sielco Analog FM Transmitter 2.12 Improper Access Control Change Admin Password	28 Mar 202300:00	–	zeroscience
Zero Science Lab	Sielco Radio Link 2.06 Improper Access Control Change Admin Password	30 Mar 202300:00	–	zeroscience

NVD

Vulners

Node

sielco analog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gxMatch2.12

Node

sielco analog_fm_transmitter_exc120gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc120gxMatch2.12

Node

sielco analog_fm_transmitter_exc300gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc300gxMatch2.11

Node

sielco analog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1600gxMatch2.10

Node

sielco analog_fm_transmitter_exc2000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc2000gxMatch2.10

Node

sielco analog_fm_transmitter_exc1600gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1600gxMatch2.08

Node

sielco analog_fm_transmitter_exc1000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1000gxMatch2.08

Node

sielco analog_fm_transmitter_exc3000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc3000gxMatch2.07

Node

sielco analog_fm_transmitter_exc5000gx_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gxMatch2.06

Node

sielco analog_fm_transmitter_exc30gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc30gtMatch1.7.7

Node

sielco analog_fm_transmitter_exc300gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc300gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc100gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc100gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc5000gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc5000gtMatch1.7.4

Node

sielco analog_fm_transmitter_exc1000gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc1000gtMatch1.6.3

Node

sielco analog_fm_transmitter_exc120gt_firmwareMatch-

AND

sielco analog_fm_transmitter_exc120gtMatch1.5.4

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match2.06

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match2.05

Node

sielco radio_link_exc19_firmwareMatch-

AND

sielco radio_link_exc19Match2.00

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match1.60

Node

sielco radio_link_rtx19_firmwareMatch-

AND

sielco radio_link_rtx19Match1.59

Node

sielco radio_link_exc19_firmwareMatch-

AND

sielco radio_link_exc19Match1.55

[
  {
    "defaultStatus": "unaffected",
    "product": "Analog FM transmitter",
    "vendor": "Sielco",
    "versions": [
      {
        "status": "affected",
        "version": "2.12 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "2.12 (EXC120GX)"
      },
      {
        "status": "affected",
        "version": "2.11 (EXC300GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.10 (EXC2000GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1600GX)"
      },
      {
        "status": "affected",
        "version": "2.08 (EXC1000GX)"
      },
      {
        "status": "affected",
        "version": "2.07 (EXC3000GX)"
      },
      {
        "status": "affected",
        "version": "2.06 (EXC5000GX)"
      },
      {
        "status": "affected",
        "version": "1.7.7 (EXC30GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC300GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC100GT)"
      },
      {
        "status": "affected",
        "version": "1.7.4 (EXC5000GT)"
      },
      {
        "status": "affected",
        "version": "1.6.3 (EXC1000GT)"
      },
      {
        "status": "affected",
        "version": "1.5.4 (EXC120GT)"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Radio Link",
    "vendor": "Sielco ",
    "versions": [
      {
        "status": "affected",
        "version": "2.06 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.05 (RTX19)"
      },
      {
        "status": "affected",
        "version": "2.00 (EXC19)"
      },
      {
        "status": "affected",
        "version": "1.60 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.59 (RTX19)"
      },
      {
        "status": "affected",
        "version": "1.55 (EXC19)"
      }
    ]
  }
]

Source	Link
sielco	www.sielco.org/en/contacts
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-299-08

Parameter	Position	Path	Description	CWE
pwd0	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
pwd0bis	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
user1	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
pwd1	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
pwd1bis	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
auth1	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
user2	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
pwd2	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
pwd2bis	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284
auth2	request body	/protect/users_rx.htm	Improper access control allows a user with read permissions to modify other users and admin credentials via a crafted POST request with manipulated parameters.	CWE-284

17 Jun 2026 06:28Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.5

EPSS0.00355

SSVC

CWE-284