Multilaser RE057/RE170 2.1/2.2 Backup File /param.file.tgz 信息公开

分类为致命的漏洞曾在Multilaser RE057 and RE170 2.1/2.2中发现。 此漏洞会影响未知部件文件 /param.file.tgz的组件Backup File Handler。 手动调试的不合法输入可导致 信息公开。 漏洞的CWE定义是 CWE-200。 此漏洞的脆弱性 2023-02-02所提交。 该漏洞唯一标识为CVE-2023-0658, 攻击可能起始于远程, 有技术细节可用。 此外还有一个漏洞可利用。 当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1592来解决该问题。 它被宣布为proof-of-concept。 我们估计的零日攻击价值约为$0-$5k。 该漏洞被披露后,远在此前发表过可能的缓解措施。

字段2023-02-02 20時47分2023-03-04 08時37分2023-03-04 08時38分
vendorMultilaserMultilaserMultilaser
nameRE057/RE170RE057/RE170RE057/RE170
version2.1/2.22.1/2.22.1/2.2
componentBackup File HandlerBackup File HandlerBackup File Handler
file/param.file.tgz/param.file.tgz/param.file.tgz
cwe200 (信息公开)200 (信息公开)200 (信息公开)
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prNNN
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iNNN
cvss3_vuldb_aNNN
cvss3_vuldb_ePPP
cvss3_vuldb_rcRRR
availability111
cveCVE-2023-0658CVE-2023-0658CVE-2023-0658
responsibleVulDBVulDBVulDB
date1675292400 (2023-02-02)1675292400 (2023-02-02)1675292400 (2023-02-02)
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiNNN
cvss2_vuldb_aiNNN
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rcURURUR
cvss2_vuldb_rlNDNDND
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore5.05.05.0
cvss2_vuldb_tempscore4.34.34.3
cvss3_vuldb_basescore5.35.35.3
cvss3_vuldb_tempscore4.84.84.8
cvss3_meta_basescore5.35.36.0
cvss3_meta_tempscore4.84.85.9
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1675292400 (2023-02-02)1675292400 (2023-02-02)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iN
cvss3_cna_aN
cve_cnaVulDB
cvss2_nvd_basescore5.0
cvss3_nvd_basescore7.5
cvss3_cna_basescore5.3

上一步一览下一步

Might our Artificial Intelligence support you?

Check our Alexa App!