Details of VAR-202305-1678

ID

VAR-202305-1678

CVE

CVE-2023-2790

TITLE

TOTOLINK N200RE Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2023-40907

DESCRIPTION

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK N200RE is a router produced by China Zeon Electronics (TOTOLINK). Give way

Trust: 1.53

sources: NVD: CVE-2023-2790 // CNVD: CNVD-2023-40907 // VULMON: CVE-2023-2790

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-40907

AFFECTED PRODUCTS

vendor:	totolink	model:	n200re	scope:	eq	version:	9.3.5u.6255_b20211224	Trust: 1.0
vendor:	totolink	model:	n200re v9.3.5u.6255 b20211224	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-40907 // NVD: CVE-2023-2790

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-2790
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2023-2790
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2023-40907
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202305-1781
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2023-2790
severity:	LOW
baseScore:	1.4
vectorString:	AV:L/AC:L/AU:M/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2023-40907
severity:	LOW
baseScore:	1.4
vectorString:	AV:L/AC:L/AU:M/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2023-2790
baseSeverity:	LOW
baseScore:	2.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-2790
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2023-40907 // CNNVD: CNNVD-202305-1781 // NVD: CVE-2023-2790 // NVD: CVE-2023-2790

PROBLEMTYPE DATA

problemtype:

CWE-260

Trust: 1.0

sources: NVD: CVE-2023-2790

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202305-1781

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-1781

EXTERNAL IDS

db:	NVD	id:	CVE-2023-2790	Trust: 2.3
db:	VULDB	id:	229374	Trust: 1.7
db:	CNVD	id:	CNVD-2023-40907	Trust: 0.6
db:	CNNVD	id:	CNNVD-202305-1781	Trust: 0.6
db:	VULMON	id:	CVE-2023-2790	Trust: 0.1

sources: CNVD: CNVD-2023-40907 // VULMON: CVE-2023-2790 // CNNVD: CNNVD-202305-1781 // NVD: CVE-2023-2790

REFERENCES

url:	https://drive.google.com/file/d/1ritxrvkele5aw42yfk0jeqhcq2b63luj/view?usp=share_link	Trust: 2.3
url:	https://vuldb.com/?id.229374	Trust: 1.7
url:	https://vuldb.com/?ctiid.229374	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-2790/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/260.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-40907 // VULMON: CVE-2023-2790 // CNNVD: CNNVD-202305-1781 // NVD: CVE-2023-2790

SOURCES

db:	CNVD	id:	CNVD-2023-40907
db:	VULMON	id:	CVE-2023-2790
db:	CNNVD	id:	CNNVD-202305-1781
db:	NVD	id:	CVE-2023-2790

LAST UPDATE DATE

2024-08-14T14:10:03.314000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-40907	date:	2023-05-24T00:00:00
db:	VULMON	id:	CVE-2023-2790	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202305-1781	date:	2023-05-29T00:00:00
db:	NVD	id:	CVE-2023-2790	date:	2024-05-17T02:23:15.987

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-40907	date:	2023-05-24T00:00:00
db:	VULMON	id:	CVE-2023-2790	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202305-1781	date:	2023-05-18T00:00:00
db:	NVD	id:	CVE-2023-2790	date:	2023-05-18T13:15:09.603