CVE-2023-47677

A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

History

11 Jul 2024, 16:01

Type	Values Removed	Values Added
First Time		Level1 Level1 wbr-6013 Firmware Level1 wbr-6013 Realtek rtl819x Jungle Software Development Kit Realtek
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872 - Exploit, Third Party Advisory
Summary		(es) Existe una vulnerabilidad de cross-site request forgery (csrf) en la funcionalidad de protección boa CSRF de Realtek rtl819x Jungle SDK v3.4.11. Una solicitud de red especialmente manipulada puede generar CSRF. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad.
CPE		cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:::::::* cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:::::::* cpe:2.3:h:level1:wbr-6013:-:::::::*

08 Jul 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-08 16:15

Updated : 2024-07-11 16:01

NVD link : CVE-2023-47677

Mitre link : CVE-2023-47677

CVE.ORG link : CVE-2023-47677

JSON object : View

Products Affected

realtek

rtl819x_jungle_software_development_kit

level1

wbr-6013_firmware
wbr-6013

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2023-47677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-07-08T16:15:04.120", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site request forgery (csrf) en la funcionalidad de protecci\u00f3n boa CSRF de Realtek rtl819x Jungle SDK v3.4.11. Una solicitud de red especialmente manipulada puede generar CSRF. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."}], "lastModified": "2024-07-11T16:01:17.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}