CVE-2023-30762

Published: Jun 13, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.

Affected (6)

Products: Kbdevice: Kb Ahr04d Firmware, Kb Ahr08d Firmware, Kb Ahr16d Firmware, Kb Irip04a Firmware, Kb Irip08a Firmware, Kb Irip16a Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Ahr04d Firmware	Before 91110.1.101106.78

Running on/with	Platform Versions
Kbdevice Kb Ahr04d	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Ahr08d Firmware	Before 91210.1.101106.78

Running on/with	Platform Versions
Kbdevice Kb Ahr08d	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Ahr16d Firmware	Before 91310.1.101106.78

Running on/with	Platform Versions
Kbdevice Kb Ahr16d	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Irip04a Firmware	Before 95110.1.100290.78a

Running on/with	Platform Versions
Kbdevice Kb Irip04a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Irip08a Firmware	Before 95210.1.100290.78a

Running on/with	Platform Versions
Kbdevice Kb Irip08a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kbdevice Kb Irip16a Firmware	Before 95310.1.100290.78a

Running on/with	Platform Versions
Kbdevice Kb Irip16a	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-306

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

https://jvn.jp/en/vu/JVNVU90812349/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.kbdevice.com/news/%e3%83%ac%e3%82%b3%e3%83%bc%e3%83%80%e3%83%bc%e3%81%ae%e3%83%8d%e3%83%83%e3%83%88%e3%83%af%e3%83%bc%e3%82%af%e6%94%bb%e6%92%83%e3%81%ab%e5%af%be%e3%81%99%e3%82%8b%e3%82%a2%e3%83%83%e3%83%97%e3%83%87/

Source: vultures@jpcert.or.jp

MitigationVendor Advisory

https://jvn.jp/en/vu/JVNVU90812349/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.