exploitDog

CVE-2023-41351

Опубликовано: 03 нояб. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.

Ссылки

https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*

cpe:2.3:h:nokia:g-040w-q:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00086

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288

CWE-306

Связанные уязвимости

GHSA-w6x6-2wp3-jqvp

CVSS3: 9.8

github

больше 2 лет назад

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.

EPSS

Процентиль: 25%

0.00086

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-288

CWE-306