PT-2023-7925 · Eurotel · Eurotel Etl3100

Gjoko Krstic · Published 2023-04-29 · Updated 2023-12-29 · CVE-2023-6929

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37

Description: The issue is an insecure direct object reference (IDOR), which occurs when the application provides direct access to objects based on user-supplied input. This allows attackers to bypass authorization, access hidden resources on the system, and execute privileged functionality. The vulnerability can be exploited by supplying a user-controlled key to bypass security restrictions, resulting in unauthorized access to protected information and elevated privileges.

Recommendations: For EuroTel ETL3100 versions v01c01 and v01x37, consider restricting access to sensitive resources and functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the application's ability to provide direct access to objects based on user-supplied input.

Fix

IDOR

Weakness Enumeration

Related Identifiers

BDU:2023-09003
CVE-2023-6929

Affected Products

Eurotel Etl3100