CVE-2023-29116

Published: Nov 5, 2024Modified: Nov 8, 2024

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained.

Affected (1)

Products: Enelx: Waybox Pro Firmware

Enelx

1 product

Waybox Pro Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Enelx Waybox Pro Firmware	Before 2.1.1.0_jb3vu096a

Running on/with	Platform Versions
Enelx Waybox Pro	Version 3.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf

Source: cve@asrg.io

Vendor Advisory

Timeline

No history available yet.