CVE-2023-43847

Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if they were the administrator via HTTP POST requests.
References
Link Resource
https://github.com/setersora/pe6208 Exploit Third Party Advisory
https://github.com/setersora/pe6208 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*

History

30 May 2025, 16:25

Type Values Removed Values Added
CPE cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 - Exploit, Third Party Advisory
First Time Aten pe6208
Aten
Aten pe6208 Firmware

21 Nov 2024, 08:24

Type Values Removed Values Added
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 -

23 Aug 2024, 17:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE CWE-284

29 May 2024, 13:02

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en la función de control de salidas de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente controlar todas las salidas como si fueran el administrador mediante solicitudes HTTP POST.

28 May 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-28 19:15

Updated : 2025-05-30 16:25


NVD link : CVE-2023-43847

Mitre link : CVE-2023-43847

CVE.ORG link : CVE-2023-43847


JSON object : View

Products Affected

aten

  • pe6208_firmware
  • pe6208
CWE
CWE-284

Improper Access Control