CVE-2023-6930

Published: Dec 19, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.

Affected (2)

Products: Eurotel: Etl3100 Firmware

1 product

Etl3100 Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Eurotel Etl3100 Firmware	Version 01c01
Eurotel Etl3100 Firmware	Version 01x37

Running on/with	Platform Versions
Eurotel Etl3100	All versions

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.