CVE-2023-51059

Опубликовано: 16 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.

Ссылки

https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management
Exploit
Third Party Advisory
https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf
Product
http://seclists.org/fulldisclosure/2024/Jan/6
https://github.com/sbaresearch/advisories/tree/public/2022/SBA-ADV-20220120-01_MOKOSmart_MKGW1_Gateway_Improper_Session_Management
Exploit
Third Party Advisory
https://www.mokosmart.com/wp-content/uploads/2019/10/GS-gateway.pdf
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:mokosmart:mkgw1_gateway_firmware:*:*:*:*:*:*:*:*

Версия до 1.1.1 (включая)

cpe:2.3:h:mokosmart:mkgw1_gateway:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.0042

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hgx8-vqrh-29gx