CVE-2023-49261 Sensitive authentication-related value accessible publicly

2024-01-1214:25:26

CWE-200

CERT-PL

www.cve.org

sensitive data

authentication value

0.001 Low

EPSS

Percentile

37.3%

JSON

The “tokenKey” value used in user authorization is visible in the HTML source of the login page.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "H8951-4G-ESP",
    "vendor": "Hongdian",
    "versions": [
      {
        "lessThan": "2310271149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/01/CVE-2023-49253/

cert.pl/posts/2024/01/CVE-2023-49253/

0.001 Low

EPSS

Percentile

37.3%

JSON

Related for CVELIST:CVE-2023-49261