CVE-2023-35830
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.0%
STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| stw-mobile-machines | tcg-4_firmware | 3.01r1 | cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.01r1:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4_firmware | 3.02r0 | cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.02r0:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4_firmware | 3.03r0 | cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.03r0:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4_firmware | 3.04r2 | cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.04r2:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4 | - | cpe:2.3:h:stw-mobile-machines:tcg-4:-:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4lite_firmware | 3.04r2 | cpe:2.3:o:stw-mobile-machines:tcg-4lite_firmware:3.04r2:*:*:*:*:*:*:* |
| stw-mobile-machines | tcg-4lite | - | cpe:2.3:h:stw-mobile-machines:tcg-4lite:-:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
77.0%