An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.
References
| Link | Resource |
|---|---|
| https://alexandrevvo.medium.com/improper-access-control-no-control-at-all-in-kaon-cg3000-router-c225d2434ec1 | Exploit Third Party Advisory |
| https://alexandrevvo.medium.com/improper-access-control-no-control-at-all-in-kaon-cg3000-router-c225d2434ec1 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 06:29
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://alexandrevvo.medium.com/improper-access-control-no-control-at-all-in-kaon-cg3000-router-c225d2434ec1 - Exploit, Third Party Advisory |
12 Jul 2022, 17:42
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-306 |
15 Apr 2022, 13:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:claro:kaon_cg3000_firmware:1.00.67:*:*:*:*:*:*:* cpe:2.3:h:claro:kaon_cg3000:-:*:*:*:*:*:*:* |
|
| CWE | CWE-287 | |
| CVSS |
v2 : v3 : |
v2 : 5.2
v3 : 8.0 |
| References | (MISC) https://alexandrevvo.medium.com/improper-access-control-no-control-at-all-in-kaon-cg3000-router-c225d2434ec1 - Exploit, Third Party Advisory |
08 Apr 2022, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-08 16:15
Updated : 2024-11-21 06:29
NVD link : CVE-2021-43483
Mitre link : CVE-2021-43483
CVE.ORG link : CVE-2021-43483
JSON object : View
Products Affected
claro
- kaon_cg3000_firmware
- kaon_cg3000
CWE
CWE-306
Missing Authentication for Critical Function