How severe is CVE-2023-2790?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-2790?

This is classified as CWE-260, which is a common weakness in software security.

CVE-2023-2790

MEDIUM Year: 2023

CVSS v3 Score

5.5

Medium

CVSS v2 Score

1.4

Low

Weakness Type

CWE-260

View all →

Vulnerability Description

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2020-5721

MEDIUM

CVSS:5.5(Medium)

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set b...

CWE-2602020

CVE-2024-45673

MEDIUM

CVSS:5.5(Medium)

IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stor...

CWE-2602024

CVE-2024-49817

MEDIUM

CVSS:4.4(Medium)

IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user.

CWE-2602024

CVE-2016-7043

CRITICAL

CVSS:9.8(Critical)

It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access ...

CWE-2602016

CVE-2017-7925

CRITICAL

CVSS:9.8(Critical)

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, ...

CWE-2602017

CVE-2023-34128

CRITICAL

CVSS:9.8(Critical)

Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.

CWE-2602023

CVE-2023-2790

Vulnerability Description

Related Vulnerabilities

CVE-2020-5721

CVE-2024-45673

CVE-2024-49817

CVE-2016-7043

CVE-2017-7925

CVE-2023-34128