CVE-2023-43478

{"id": "CVE-2023-43478", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-20T14:15:15.127", "references": [{"url": "https://www.tenable.com/security/research/tra-2023-19", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2023-19", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0"}, {"lang": "es", "value": "fake_upload.cgi en Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware &lt; 0.18.15r, permite a atacantes no autenticados cargar im\u00e1genes de firmware y copias de seguridad de configuraci\u00f3n, lo que podr\u00eda permitirles alterar el firmware o la configuraci\u00f3n en el dispositivo, lo que en \u00faltima instancia lleva a para ejecutar el c\u00f3digo como root."}], "lastModified": "2024-11-21T08:24:07.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396", "versionEndExcluding": "0.18.15r"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}