CVE-2023-43849

Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST requests. This may result in DoS or remote code execution.
References
Link Resource
https://github.com/setersora/pe6208 Exploit Third Party Advisory
https://github.com/setersora/pe6208 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*

History

30 May 2025, 16:19

Type Values Removed Values Added
CPE cpe:2.3:o:aten:pe6208_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aten:pe6208:-:*:*:*:*:*:*:*
First Time Aten pe6208
Aten
Aten pe6208 Firmware
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 - Exploit, Third Party Advisory

21 Nov 2024, 08:24

Type Values Removed Values Added
References () https://github.com/setersora/pe6208 - () https://github.com/setersora/pe6208 -

14 Aug 2024, 20:35

Type Values Removed Values Added
CWE CWE-284
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

29 May 2024, 13:02

Type Values Removed Values Added
Summary
  • (es) El control de acceso incorrecto en la función de actualización del firmware de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente enviar una imagen de firmware a través de solicitudes HTTP POST. Esto puede resultar en DoS o ejecución remota de código.

28 May 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-28 19:15

Updated : 2025-05-30 16:19


NVD link : CVE-2023-43849

Mitre link : CVE-2023-43849

CVE.ORG link : CVE-2023-43849


JSON object : View

Products Affected

aten

  • pe6208_firmware
  • pe6208
CWE
CWE-284

Improper Access Control