fkie_cve-2023-41351
Vulnerability from fkie_nvd
Published
2023-11-03 06:15
Modified
2024-11-21 08:21
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.
References
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-7501-6155a-1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.htmlThird Party Advisory
Impacted products
Vendor Product Version
nokia g-040w-q_firmware g040wqr201207
nokia g-040w-q -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44938DD-B7A2-4D58-8B61-AE64C62A3E83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nokia:g-040w-q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61B9373-5B22-4C83-9781-FCFEB29BB3DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
    },
    {
      "lang": "es",
      "value": "Chunghwa Telecom NOKIA G-040W-Q tiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n, que permite a un atacante remoto no autenticado omitir el mecanismo de autenticaci\u00f3n para iniciar sesi\u00f3n en el dispositivo mediante una URL alternativa. Esto hace posible que atacantes remotos no autenticados inicien sesi\u00f3n como cualquier usuario existente, como un administrador, para realizar operaciones arbitrarias en el sistema o interrumpir el servicio."
    }
  ],
  "id": "CVE-2023-41351",
  "lastModified": "2024-11-21T08:21:07.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-03T06:15:07.107",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.