Main Vulnerability Database Vulnerabilities #VU73254

#VU73254 Missing Authorization in Akuvox E11 - CVE-2023-0349

Published: March 13, 2023

Vulnerability identifier: #VU73254

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-0349

CWE-ID: CWE-862

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Akuvox E11

Software vendor:
Akuvox

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to a missing permission check in libvoice library. A remote attacker on the local network can view and record image and video from the camera.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms

#VU73254 Missing Authorization in Akuvox E11 - CVE-2023-0349

Description

Remediation

External links

Please verify you're human