CVE-2023-29126
Nov. 8, 2024, 4:15 p.m.
Tags
CVSS Score
Products Impacted
Vendor | Product | Versions |
---|---|---|
enelx |
|
|
Description
The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.
Weaknesses
CWE-1287
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
CWE ID: 1287Date
Published: Nov. 5, 2024, 4:15 p.m.
Last Modified: Nov. 8, 2024, 4:15 p.m.
Status : Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@asrg.io
CPEs
Type | Vendor | Product | Version | Update | Edition | Language | Software Edition | Target Software | Target Hardware | Other Information |
---|---|---|---|---|---|---|---|---|---|---|
o | enelx | waybox_pro_firmware | / | / | / | / | / | / | / | / |
h | enelx | waybox_pro | 3.0 | / | / | / | / | / | / | / |
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
HIGHCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H