PT-2024-13263 · Ailux · Ailux Imx6 Bundle

Andrea Palanca

Published

2024-03-05

Updated

2024-03-05

CVE-2023-45599

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description A CWE-646 issue in the "iec61850" functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device.

Recommendations For AiLux imx6 bundle versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "iec61850" functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-646CWE-434

Related Identifiers

CVE-2023-45599

Affected Products

Ailux Imx6 Bundle

PT-2024-13263 · Ailux · Ailux Imx6 Bundle

CVE-2023-45599

Weakness Enumeration

Related Identifiers

Affected Products

References · 6