CVE-2023-27388

Published: May 23, 2023Modified: Jan 31, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).

Affected (10)

Products: Tandd: Tr 71w Firmware, Tr 72w Firmware, Rtr 5w Firmware, Wdr 7 Firmware, Wdr 3 Firmware, Ws 2 Firmware · Especmic: Rt 12n Firmware, Rs 12n Firmware, Rt 22bn Firmware, Teu 12n Firmware

6 products

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 71w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 71w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Tr 72w Firmware	All versions

Running on/with	Platform Versions
Tandd Tr 72w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Rtr 5w Firmware	All versions

Running on/with	Platform Versions
Tandd Rtr 5w	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 7 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 7	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Wdr 3 Firmware	All versions

Running on/with	Platform Versions
Tandd Wdr 3	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tandd Ws 2 Firmware	All versions

Running on/with	Platform Versions
Tandd Ws 2	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 12n	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rs 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Rs 12n	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Rt 22bn Firmware	All versions

Running on/with	Platform Versions
Especmic Rt 22bn	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Especmic Teu 12n Firmware	All versions

Running on/with	Platform Versions
Especmic Teu 12n	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://jvn.jp/en/jp/JVN14778242/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN14778242/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tandd.com/news/detail.html?id=780

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.