The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 | Third Party Advisory US Government Resource |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 - Third Party Advisory, US Government Resource |
16 Mar 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:akuvox:e11:-:*:*:*:*:*:*:* cpe:2.3:o:akuvox:e11_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
13 Mar 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-13 21:15
Updated : 2024-11-21 07:37
NVD link : CVE-2023-0352
Mitre link : CVE-2023-0352
CVE.ORG link : CVE-2023-0352
JSON object : View
Products Affected
akuvox
- e11_firmware
- e11
CWE
No CWE.