Improper access control in Sielco products - CVE-2023-42769
Published: October 27, 2023
Vulnerability identifier: #VU82526
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-42769
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sielco
Affected software:
Analog FM transmitter EXC5000GX
Analog FM transmitter EXC120GX
Analog FM transmitter EXC300GX
Analog FM transmitter EXC1600GX
Analog FM transmitter EXC2000GX
Analog FM transmitter EXC1000GX
Analog FM transmitter EXC3000GX
Analog FM transmitter EXC30GT
Analog FM transmitter EXC300GT
Analog FM transmitter EXC100GT
Analog FM transmitter EXC5000GT
Analog FM transmitter EXC1000GT
Analog FM transmitter EXC120GT
Radio Link RTX19
Radio Link EXC19
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can perform a brute-force attack to obtain a valid session, bypass authentication and manipulate the transmitter.
How to mitigate CVE-2023-42769
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.