Missing Authentication for Critical Function in XBC-DN32U - CVE-2023-22804

 

Published: February 10, 2023


Vulnerability identifier: #VU72114
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-22804
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: XBC-DN32U
Software vendor: LS Electric

Description

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to missing authentication for a critical function. A remote unauthenticated attacker can send a specially crafted request to the device, create an administrative account and take full control of the device.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
