CVE-2023-29126

The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*

History

08 Nov 2024, 16:15

Type Values Removed Values Added
References () https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf - () https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf - Vendor Advisory
CPE cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 4.2
v2 : unknown
v3 : 8.8
First Time Enelx
Enelx waybox Pro Firmware
Enelx waybox Pro
CWE NVD-CWE-Other

06 Nov 2024, 18:17

Type Values Removed Values Added
Summary
  • (es) La aplicación de gestión web Waybox Enel X contiene una vulnerabilidad de tipo PHP que puede permitir un proceso de fuerza bruta y bajo ciertas condiciones omitir la autenticación.

05 Nov 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-11-05 16:15

Updated : 2024-11-08 16:15


NVD link : CVE-2023-29126

Mitre link : CVE-2023-29126

CVE.ORG link : CVE-2023-29126


JSON object : View

Products Affected

enelx

  • waybox_pro
  • waybox_pro_firmware
CWE
NVD-CWE-Other CWE-1287

Improper Validation of Specified Type of Input