PT-2023-3720 · Elenos · Elenos Etg150 Fm Transmitter

Eslam Kamal +1 · Published 2023-06-23 · Updated 2024-12-05 · CVE-2023-34672

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Elenos ETG150 FM transmitter version 3.12

Description
The issue is related to improper access control, which can be exploited to add a high-privilege user by leveraging the user's role within the admin profile. This can potentially be done over the public Internet. The vulnerability is associated with software deficiencies in access control.

Recommendations
For version 3.12, consider restricting access to the admin profile to minimize the risk of exploitation until a patch is available. As a temporary workaround, review and limit user roles within the admin profile to prevent unauthorized privilege escalation.

Exploit

Fix

Weakness Enumeration

Improper Access Control
Improper Preservation of Permissions

Related Identifiers

BDU:2023-04008
CVE-2023-34672

Affected Products

Elenos Etg150 Fm Transmitter