CVE-2023-31190

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:bluemark:dronescout_ds230:-:*:*:*:*:*:*:*
cpe:2.3:o:bluemark:dronescout_ds230_firmware:*:*:*:*:*:*:*:*

History

30 Sep 2024, 10:15

Type Values Removed Values Added
CWE CWE-295
Summary (en) DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042. (en) DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Specifically, the firmware update procedure ignores and does not check the validity of the TLS certificate of the HTTPS endpoint from which the firmware update package (.tar.bz2 file) is downloaded. An attacker with the ability to put himself in a Man-in-the-Middle situation (e.g., DNS poisoning, ARP poisoning, control of a node on the route to the endpoint, etc.) can trick the DroneScout ds230 to install a crafted malicious firmware update containing arbitrary files (e.g., executable and configuration) and gain administrative (root) privileges on the underlying Linux operating system. This issue affects DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.

20 Jul 2023, 02:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.1
References (MISC) https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31190/ - (MISC) https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-31190/ - Third Party Advisory
References (MISC) https://download.bluemark.io/dronescout/firmware/history.txt - (MISC) https://download.bluemark.io/dronescout/firmware/history.txt - Release Notes
CPE cpe:2.3:o:bluemark:dronescout_ds230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bluemark:dronescout_ds230:-:*:*:*:*:*:*:*
CWE CWE-287

11 Jul 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-11 09:15

Updated : 2024-09-30 10:15


NVD link : CVE-2023-31190

Mitre link : CVE-2023-31190

CVE.ORG link : CVE-2023-31190


JSON object : View

Products Affected

bluemark

  • dronescout_ds230_firmware
  • dronescout_ds230
CWE
CWE-295

Improper Certificate Validation

CWE-287

Improper Authentication