CVE-2023-43134

{"id": "CVE-2023-43134", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-20T20:15:12.190", "references": [{"url": "https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management."}, {"lang": "es", "value": "Existe una vulnerabilidad de acceso no autorizado en Netis 360RAC1200 v1.3.4517, que permite a los atacantes obtener informaci\u00f3n sensible del dispositivo sin autenticaci\u00f3n, obtener tokens de usuario y, en \u00faltima instancia, iniciar sesi\u00f3n en la administraci\u00f3n del backend del dispositivo."}], "lastModified": "2023-09-22T02:11:47.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netis-systems:360r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA79FE05-9D84-4380-B928-A8CA92DCD540"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:netis-systems:360r_firmware:1.3.4517:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D87D4154-B33F-4615-A555-96E3AAD64C6D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}