Sign-up

ID

VAR-202306-0140


CVE

CVE-2023-30603


TITLE

Hitron Technologies CODA Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-090

DESCRIPTION

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service

Trust: 0.99

sources: NVD: CVE-2023-30603 // VULMON: CVE-2023-30603

AFFECTED PRODUCTS

vendor:hitrontechmodel:coda-5310scope:eqversion:7.2.4.7.1b3

Trust: 1.0

sources: NVD: CVE-2023-30603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-30603
value: CRITICAL

Trust: 1.0

twcert@cert.org.tw: CVE-2023-30603
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202306-090
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-30603
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNNVD: CNNVD-202306-090 // NVD: CVE-2023-30603 // NVD: CVE-2023-30603

PROBLEMTYPE DATA

problemtype:CWE-1392

Trust: 1.0

sources: NVD: CVE-2023-30603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-090

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202306-090

PATCH

title:Hitron Technologies CODA Remediation measures for authorization problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=240152

Trust: 0.6

sources: CNNVD: CNNVD-202306-090

EXTERNAL IDS

db:NVDid:CVE-2023-30603

Trust: 1.7

db:CNNVDid:CNNVD-202306-090

Trust: 0.6

db:VULMONid:CVE-2023-30603

Trust: 0.1

sources: VULMON: CVE-2023-30603 // CNNVD: CNNVD-202306-090 // NVD: CVE-2023-30603

REFERENCES

url:https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-30603/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-30603 // CNNVD: CNNVD-202306-090 // NVD: CVE-2023-30603

SOURCES

db:VULMONid:CVE-2023-30603
db:CNNVDid:CNNVD-202306-090
db:NVDid:CVE-2023-30603

LAST UPDATE DATE

2024-10-15T02:52:18.722000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-30603date:2023-06-02T00:00:00
db:CNNVDid:CNNVD-202306-090date:2023-06-05T00:00:00
db:NVDid:CVE-2023-30603date:2024-10-14T04:15:04.747

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-30603date:2023-06-02T00:00:00
db:CNNVDid:CNNVD-202306-090date:2023-06-02T00:00:00
db:NVDid:CVE-2023-30603date:2023-06-02T11:15:10.863