PT-2023-19027 · T&D+1 · Wdr-3+7
Junnosuke Kushibiki
+5
·
Published
2023-05-23
·
Updated
2025-01-31
·
CVE-2023-23545
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
T&D Corporation data logger products versions TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions
ESPEC MIC CORP. data logger products versions RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions
Description
Missing authentication for a critical function exists in the affected data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication.
Recommendations
For T&D Corporation data logger products, consider disabling remote access to the critical function until a patch is available.
For ESPEC MIC CORP. data logger products, restrict access to the product settings to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rt-12N/Rs-12N
Rt-22Bn
Rtr-5W
Teu-12N
Tr-71W/72W
Wdr-3
Wdr-7
Ws-2