CVE-2023-22654

Published: May 23, 2023Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected (10)

Products: Tandd: Tr 71w Firmware, Tr 72w Firmware, Rtr 5w Firmware, Wdr 7 Firmware, Wdr 3 Firmware, Ws 2 Firmware · Especmic: Rt 12n Firmware, Rs 12n Firmware, Rt 22bn Firmware, Teu 12n Firmware

6 products

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 71w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 71w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 72w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 72w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Rtr 5w Firmware	All versions

Running on/with	Platform Versions
Tandd Rtr 5w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 7 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 7	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 3 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Ws 2 Firmware	All versions

Running on/with	Platform Versions
Tandd Ws 2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 12n	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rs 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rs 12n	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 22bn Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 22bn	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Teu 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Teu 12n	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://jvn.jp/en/jp/JVN14778242/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN14778242/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.