Main Vulnerability Database Vulnerabilities #VU82528

Improper access control in Sielco products - CVE-2023-45228

Published: October 27, 2023

Vulnerability identifier: #VU82528

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-45228

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Analog FM transmitter EXC5000GX
Analog FM transmitter EXC120GX
Analog FM transmitter EXC300GX
Analog FM transmitter EXC1600GX
Analog FM transmitter EXC2000GX
Analog FM transmitter EXC1000GX
Analog FM transmitter EXC3000GX
Analog FM transmitter EXC30GT
Analog FM transmitter EXC300GT
Analog FM transmitter EXC100GT
Analog FM transmitter EXC5000GT
Analog FM transmitter EXC1000GT
Analog FM transmitter: EXC120GT
Radio Link RTX19
Radio Link EXC19

Software vendor:
Sielco

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions when editing users. A remote user can send a single HTTP POST request with modified parameters and manipulate users, passwords and permissions.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Improper access control in Sielco products - CVE-2023-45228

Description

Remediation

External links

Please verify you're human