CVE-2023-34672

Published: Jun 23, 2023Modified: Dec 5, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.

Affected (1)

Products: Elenos: Etg150 Firmware

Elenos

1 product

Etg150 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Elenos Etg150 Firmware	Version 3.12

Running on/with	Platform Versions
Elenos Etg150	All versions

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

http://elenos.com

Source: cve@mitre.org

Product

https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672

Source: cve@mitre.org

ExploitThird Party Advisory

http://elenos.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.