CVE-2023-27387

Published: May 23, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected (10)

Products: Tandd: Tr 71w Firmware, Tr 72w Firmware, Rtr 5w Firmware, Wdr 7 Firmware, Wdr 3 Firmware, Ws 2 Firmware · Especmic: Rt 12n Firmware, Rs 12n Firmware, Rt 22bn Firmware, Teu 12n Firmware

6 products

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 71w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 71w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 72w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 72w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Rtr 5w Firmware	All versions

Running on/with	Platform Versions
Tandd Rtr 5w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 7 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 7	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 3 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Ws 2 Firmware	All versions

Running on/with	Platform Versions
Tandd Ws 2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 12n	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rs 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rs 12n	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 22bn Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 22bn	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Teu 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Teu 12n	All versions

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://jvn.jp/en/jp/JVN14778242/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN14778242/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.