PT-2023-30171 · Unknown · Lte-Pic32-Writer
Paijp
·
Published
2023-10-31
·
Updated
2023-11-08
·
CVE-2023-46723
CVSS v3.1
8.9
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
lte-pic32-writer versions 0.0.1 and prior
Description
The issue affects users of
sendto.txt and allows attackers who know the IMEI to read the sendto.txt file, which may contain sensitive information such as SNS URLs and API keys.Recommendations
For versions 0.0.1 and prior, avoid using
sendto.txt to prevent exposure of sensitive information.
For versions 0.0.1 and prior, use .htaccess to block access to sendto.txt as a temporary workaround.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lte-Pic32-Writer