HIGH🇵🇱 Wersja polska

CVE-2023-6929

CVSS 7.5v3.1pub. 2023-12-19upd. 2024-11-21

EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Eurotel Etl3100

    HW
    Eurotel
    wszystkie wersje
  • Eurotel Etl3100 Firmware

    OS
    Eurotel
    01c0101x37
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
References

Related vulnerabilities

CVE-2023-6928CRITICAL9.8PL ✓ten sam produkt

EuroTel ETL3100 — brak limitu prób logowania umożliwia przejęcie systemu

CVE-2023-6930CRITICAL9.4PL ✓ten sam produkt

EuroTel ETL3100 — nieautoryzowane pobranie konfiguracji i logów