Lucene search

TalosVULNRICHMENT:CVE-2023-46685

HistoryJul 08, 2024 - 3:22 p.m.

CVE-2023-46685

2024-07-0815:22:29

CWE-259

talos

github.com

vulnerability

hard-coded password

telnetd

levelone wbr-6013

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

39.3%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:realtek:rtl819x_software_development_kit:3.4.11:*:*:*:*:*:*:*"
    ],
    "vendor": "realtek",
    "product": "rtl819x_software_development_kit",
    "versions": [
      {
        "status": "affected",
        "version": "3.4.11"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"
    ],
    "vendor": "level_one",
    "product": "wbr6013",
    "versions": [
      {
        "status": "affected",
        "version": "rer4_a_v3411b_2t2r_lev_09_170623"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1871

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

39.3%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2023-46685