Multilaser RE057/RE170 2.1/2.2 Backup File /param.file.tgz information disclosure

A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. The CWE definition for the vulnerability is CWE-200. The weakness was presented 02/02/2023. This vulnerability is uniquely identified as CVE-2023-0658. It is possible to initiate the attack remotely. Technical details are available. Furthermore, there is an exploit available. The price for an exploit might be around USD $0-$5k at the moment. MITRE ATT&CK project uses the attack technique T1592 for this issue. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $0-$5k. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

Field02/02/2023 20:4703/04/2023 08:3703/04/2023 08:38
vendorMultilaserMultilaserMultilaser
nameRE057/RE170RE057/RE170RE057/RE170
version2.1/2.22.1/2.22.1/2.2
componentBackup File HandlerBackup File HandlerBackup File Handler
file/param.file.tgz/param.file.tgz/param.file.tgz
cwe200 (information disclosure)200 (information disclosure)200 (information disclosure)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
availability111
cveCVE-2023-0658CVE-2023-0658CVE-2023-0658
responsibleVulDBVulDBVulDB
date1675292400 (02/02/2023)1675292400 (02/02/2023)1675292400 (02/02/2023)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore4.34.34.3
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.84.84.8
cvss3_meta_basescore5.35.36.0
cvss3_meta_tempscore4.84.85.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1675292400 (02/02/2023)1675292400 (02/02/2023)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iN
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore5.0
cvss3_nvd_basescore7.5
cvss3_cna_basescore5.3

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!