CVE-2023-43848

Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the device as if they were the administrator via HTTP POST request.
References
Link Resource
https://github.com/setersora/pe6208 Exploit Third Party Advisory
https://github.com/setersora/pe6208 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*

History

30 May 2025, 16:25

Type Values Removed Values Added
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 - Exploit, Third Party Advisory
First Time Aten pe6208
Aten
Aten pe6208 Firmware
CPE cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*

21 Nov 2024, 08:24

Type Values Removed Values Added
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 -

20 Aug 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0
CWE CWE-284

29 May 2024, 13:02

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en la función de administración del firewall de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente modificar la configuración del firewall local del dispositivo como si fueran el administrador mediante una solicitud HTTP POST.

28 May 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-28 19:15

Updated : 2025-05-30 16:25


NVD link : CVE-2023-43848

Mitre link : CVE-2023-43848

CVE.ORG link : CVE-2023-43848


JSON object : View

Products Affected

aten

  • pe6208_firmware
  • pe6208
CWE
CWE-284

Improper Access Control