CVE-2023-6930

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:eurotel:etl3100_firmware:01c01:*:*:*:*:*:*:*
cpe:2.3:o:eurotel:etl3100_firmware:01x37:*:*:*:*:*:*:*
cpe:2.3:h:eurotel:etl3100:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:44

Type Values Removed Values Added
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 9.4

29 Dec 2023, 16:33

Type Values Removed Values Added
CWE NVD-CWE-Other
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 - () https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05 - Third Party Advisory, US Government Resource
CPE cpe:2.3:o:eurotel:etl3100_firmware:01x37:*:*:*:*:*:*:*
cpe:2.3:o:eurotel:etl3100_firmware:01c01:*:*:*:*:*:*:*
cpe:2.3:h:eurotel:etl3100:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

20 Dec 2023, 13:50

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-19 23:15

Updated : 2024-11-21 08:44


NVD link : CVE-2023-6930

Mitre link : CVE-2023-6930

CVE.ORG link : CVE-2023-6930


JSON object : View

Products Affected

eurotel

  • etl3100
  • etl3100_firmware
CWE
CWE-284

Improper Access Control

NVD-CWE-Other