CVE-2023-23545

Published: May 23, 2023Modified: Jan 31, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected (10)

Products: Tandd: Tr 71w Firmware, Tr 72w Firmware, Rtr 5w Firmware, Wdr 7 Firmware, Wdr 3 Firmware, Ws 2 Firmware · Especmic: Rt 12n Firmware, Rs 12n Firmware, Rt 22bn Firmware, Teu 12n Firmware

6 products

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 71w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 71w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 72w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 72w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Rtr 5w Firmware	All versions

Running on/with	Platform Versions
Tandd Rtr 5w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 7 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 7	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 3 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Ws 2 Firmware	All versions

Running on/with	Platform Versions
Tandd Ws 2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 12n	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rs 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rs 12n	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 22bn Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 22bn	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Teu 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Teu 12n	All versions

Related CWEs

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

https://jvn.jp/en/jp/JVN14778242/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN14778242/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.