CVE-2023-33282

Name of the Vulnerable Software and Affected Versions Marval MSM versions 14.19.0.12476 and earlier, version 15.0

Description The issue concerns a system account with default credentials, allowing a remote attacker to log in and create a valid session. This enables the attacker to make backend calls to endpoints in the application, such as "API endpoints". No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For Marval MSM versions 14.19.0.12476 and earlier, and version 15.0, change the default credentials of the system account to prevent unauthorized access. As a temporary workaround, consider restricting access to the system account until a patch is available. Avoid using default credentials in the system account to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.