CVE-2023-43848

1976-01-0100:00:00

mitre

github.com

AI Score

6.8

Confidence

Low

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:aten:pe6208_firmware:2.3.228:*:*:*:*:*:*:*"
    ],
    "vendor": "aten",
    "product": "pe6208_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.228"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:aten:pe6208_firmware:2.4.232:*:*:*:*:*:*:*"
    ],
    "vendor": "aten",
    "product": "pe6208_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.232"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/setersora/pe6208