CVE-2023-24052

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Connectize AC21000 G6 version 641.139.1.1256

Description An issue in the change password functionality of the Connectize AC21000 G6 allows attackers to gain control of the device without prompting for the current password. This is related to weaknesses in the authentication procedure, which can be exploited by a remote attacker to bypass authentication and gain full access to the device.

Recommendations For version 641.139.1.1256, consider disabling the change password functionality until a patch is available to prevent attackers from gaining control of the device. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-287

Related Identifiers

BDU:2023-07072

CVE-2023-24052

Affected Products

Connectize Ac21000 G6

CVE-2023-24052

Weakness Enumeration

Related Identifiers

Affected Products

References · 8