MEDIUM🇬🇧 English

CVE-2023-45593

CVSS 6.8v3.1pub. 2024-03-05upd. 2025-04-10

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ailux Imx6

    APP
    Ailux
    < 1.0.7-2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-5457HIGH7.5ten sam produkt

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by t...

CVE-2023-5456HIGH8.1ten sam produkt

A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows ...

CVE-2023-45591HIGH7.5ten sam produkt

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary a...

CVE-2023-45594MEDIUM6.8ten sam produkt

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser...

CVE-2023-45596MEDIUM5.3ten sam produkt

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the ...

CVE-2023-45593 — MEDIUM 6.8 | CVEbaza.pl