MEDIUM🇵🇱 Wersja polska

CVE-2023-45593

CVSS 6.8v3.1pub. 2024-03-05upd. 2025-04-10

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Ailux Imx6

    APP
    Ailux
    < 1.0.7-2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-5457HIGH7.5ten sam produkt

A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by t...

CVE-2023-5456HIGH8.1ten sam produkt

A CWE-798 “Use of Hard-coded Credentials” vulnerability in the MariaDB database of the web application allows ...

CVE-2023-45591HIGH7.5ten sam produkt

A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary a...

CVE-2023-45594MEDIUM6.8ten sam produkt

A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser...

CVE-2023-45596MEDIUM5.3ten sam produkt

A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the ...