CVE-2023-43134

Published: Sep 20, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

Affected (1)

Products: Netis Systems: 360r Firmware

Netis Systems

1 product

360r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netis Systems 360r Firmware	Version 1.3.4517

Running on/with	Platform Versions
Netis Systems 360r	All versions

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.