Lucene search

[email protected]NVD:CVE-2023-45194

HistoryOct 11, 2023 - 1:15 a.m.

CVE-2023-45194

2023-10-1101:15:08

CWE-798

[email protected]

web.nvd.nist.gov

cve-2023-45194

default credentials

mr-gm2

mr-gm3

firmware vulnerability

wireless lan interception

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

Affected configurations

NVD

Node

mrlmr-gm3-d_firmwareRange<1.04.00

AND

mrlmr-gm3-dMatch-

Node

mrlmr-gm3-k_firmwareRange<1.04.00

AND

mrlmr-gm3-kMatch-

Node

mrlmr-gm3-s_firmwareRange<1.04.00

AND

mrlmr-gm3-sMatch-

Node

mrlmr-gm3-dks_firmwareRange<1.04.00

AND

mrlmr-gm3-dksMatch-

Node

mrlmr-gm3-m_firmwareRange<1.04.00

AND

mrlmr-gm3-mMatch-

Node

mrlmr-gm2_firmwareRange<3.01.00

AND

mrlmr-gm2Match-

Node

mrlmr-gm3-w_firmwareRange<1.04.00

AND

mrlmr-gm3-wMatch-

References

jvn.jp/en/vu/JVNVU99039725/

www.mrl.co.jp/20231005_security/

4.3 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

4.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for NVD:CVE-2023-45194

cve1 cvelist1 prion1