CVE-2023-35830

Опубликовано: 29 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS.

Ссылки

https://www.stw-mobile-machines.com/fileadmin/user_upload/content/STW/PSIRT/STW-IR-23-001.pdf
Vendor Advisory
https://www.stw-mobile-machines.com/psirt/
Vendor Advisory
https://www.stw-mobile-machines.com/fileadmin/user_upload/content/STW/PSIRT/STW-IR-23-001.pdf
Vendor Advisory
https://www.stw-mobile-machines.com/psirt/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.01r1:*:*:*:*:*:*:*

cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.02r0:*:*:*:*:*:*:*

cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.03r0:*:*:*:*:*:*:*

cpe:2.3:o:stw-mobile-machines:tcg-4_firmware:3.04r2:*:*:*:*:*:*:*

cpe:2.3:h:stw-mobile-machines:tcg-4:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:stw-mobile-machines:tcg-4lite_firmware:3.04r2:*:*:*:*:*:*:*

cpe:2.3:h:stw-mobile-machines:tcg-4lite:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%

0.01503

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-306

Связанные уязвимости

GHSA-xcf7-g637-p7f5