CVE-2023-48257

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-1391
View all →

Vulnerability Description

The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request.

Related Vulnerabilities

CVE-2024-29071

HIGH
CVSS:8.8(High)

HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings.

CWE-13912024

CVE-2023-0635

CRITICAL
CVSS:9.8(Critical)

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Ser...

CWE-13912023

CVE-2023-31240

CRITICAL
CVSS:9.8(Critical)

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through...

CWE-13912023

CVE-2024-1039

CRITICAL
CVSS:9.8(Critical)

Gessler GmbH WEB-MASTER has a restoration account that uses weak hard coded credentials and if exploited could allow an attacker control over the web management of the device.

CWE-13912024

CVE-2024-12728

CRITICAL
CVSS:9.8(Critical)

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

CWE-13912024

CVE-2024-43698

CRITICAL
CVSS:9.8(Critical)

Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.

CWE-13912024