Lucene search

[email protected]CVE-2023-6930

HistoryDec 19, 2023 - 11:15 p.m.

CVE-2023-6930

2023-12-1923:15:08

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-6930

eurotel

etl3100

vulnerability

unauthenticated

configuration

log download

disclosure

authentication bypass

privilege escalation

system access

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.

Affected configurations

NVD

Node

euroteletl3100_firmwareMatch01c01

euroteletl3100_firmwareMatch01x37

AND

euroteletl3100Match-

CPENameOperatorVersion
eurotel:etl3100_firmwareeurotel etl3100 firmwareeq01c01
eurotel:etl3100_firmwareeurotel etl3100 firmwareeq01x37

CPE	Name	Operator	Version
eurotel:etl3100_firmware	eurotel etl3100 firmware	eq	01c01
eurotel:etl3100_firmware	eurotel etl3100 firmware	eq	01x37

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ETL3100",
    "vendor": "EuroTel",
    "versions": [
      {
        "status": "affected",
        "version": "v01c01"
      },
      {
        "status": "affected",
        "version": "v01x37"
      }
    ]
  }
]