CVE-2023-43849

1976-01-0100:00:00

mitre

github.com

AI Score

6.8

Confidence

High

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:aten:pe6208:2.3.228:*:*:*:*:*:*:*"
    ],
    "vendor": "aten",
    "product": "pe6208",
    "versions": [
      {
        "status": "affected",
        "version": "2.3.228"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:aten:pe6208:2.4.232:*:*:*:*:*:*:*"
    ],
    "vendor": "aten",
    "product": "pe6208",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.232"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/setersora/pe6208