CVE-2023-33468

Published: Aug 9, 2023Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.

Affected (2)

Products: Kramerav: Via Go2 Firmware, Via Connect2 Firmware

2 products

Via Go2 Firmware

Via Connect2 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kramerav Via Go2 Firmware	Before 4.0.1.1326

Running on/with	Platform Versions
Kramerav Via Go2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Kramerav Via Connect2 Firmware	Before 4.0.1.1326

Running on/with	Platform Versions
Kramerav Via Connect2	All versions

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

http://kramerav.com

Source: cve@mitre.org

Not Applicable

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468

Source: cve@mitre.org

ExploitThird Party Advisory

http://kramerav.com

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.