PT-2024-12769 · Multilaser · Multilaser Re160+1

Vinícius Moraes · Published 2024-03-02 · Updated 2025-01-07 · CVE-2023-38945

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Multilaser RE160 versions 5.07.51 pt MTL01 through 5.07.52 pt MTL01
Multilaser RE160V versions 12.03.01.08 pt through 12.03.01.09 pt
Multilaser RE163V version 12.03.01.08 pt

Description

The issue allows attackers to bypass access control and gain complete access to the application by supplying a crafted URL. This enables attackers to manipulate the URL and access the application without proper authorization.

Recommendations

For Multilaser RE160 versions 5.07.51 pt MTL01 through 5.07.52 pt MTL01, consider restricting access to the application until a patch is available.

For Multilaser RE160V versions 12.03.01.08 pt through 12.03.01.09 pt, avoid using manipulated URLs in the application to minimize the risk of exploitation.

For Multilaser RE163V version 12.03.01.08 pt, as a temporary workaround, consider disabling access to the application via crafted URLs until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2023-38945

Affected Products

Multilaser Re160
Multilaser Re163V