CVE-2023-6929

2023-12-1923:15:08

CWE-639

[email protected]

web.nvd.nist.gov

eurotel

etl3100

v01c01

v01x37

insecure direct object references

vulnerability

unauthorized access

hidden resources

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.

Affected configurations

NVD

Node

euroteletl3100_firmwareMatch01c01

euroteletl3100_firmwareMatch01x37

AND

euroteletl3100Match-

CPENameOperatorVersion
eurotel:etl3100_firmwareeurotel etl3100 firmwareeq01c01
eurotel:etl3100_firmwareeurotel etl3100 firmwareeq01x37

CPE	Name	Operator	Version
eurotel:etl3100_firmware	eurotel etl3100 firmware	eq	01c01
eurotel:etl3100_firmware	eurotel etl3100 firmware	eq	01x37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ETL3100",
    "vendor": "EuroTel",
    "versions": [
      {
        "status": "affected",
        "version": "v01c01"
      },
      {
        "status": "affected",
        "version": "v01x37"
      }
    ]
  }
]