exploitDog

CVE-2023-23120

Опубликовано: 02 фев. 2023

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

Ссылки

https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci
Exploit
Third Party Advisory
https://www.trendnet.com/support/
Vendor Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HJl1oFzci
Exploit
Third Party Advisory
https://www.trendnet.com/support/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:trendnet:tv-ip651wi_firmware:*:*:*:*:*:*:*:*

Версия до 1.07.01 (включая)

cpe:2.3:h:trendnet:tv-ip651wi:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00147

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-354

CWE-354

Связанные уязвимости

GHSA-29gq-wq8x-vfcr

CVSS3: 5.9

github

около 3 лет назад

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.

EPSS

Процентиль: 35%

0.00147

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-354

CWE-354