Lucene search

[email protected]NVD:CVE-2023-43134

HistorySep 20, 2023 - 8:15 p.m.

CVE-2023-43134

2023-09-2020:15:12

CWE-862

[email protected]

web.nvd.nist.gov

netis 360rac1200

unauthorized access

sensitive information

user tokens

backend management

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

Affected configurations

Nvd

Node

netis-systems360rMatch-

AND

netis-systems360r_firmwareMatch1.3.4517

VendorProductVersionCPE
netis-systems360r-cpe:2.3:h:netis-systems:360r:-:*:*:*:*:*:*:*
netis-systems360r_firmware1.3.4517cpe:2.3:o:netis-systems:360r_firmware:1.3.4517:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	360r	-	cpe:2.3:h:netis-systems:360r:-:::::::*
netis-systems	360r_firmware	1.3.4517	cpe:2.3:o:netis-systems:360r_firmware:1.3.4517:::::::*

References

github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

46.7%

JSON

Related for NVD:CVE-2023-43134

prion1 cvelist1 cve1