Sign-up

ID

VAR-202404-0973


CVE

CVE-2023-48426


TITLE

Google  of  Chromecast  Vulnerability related to lack of authentication for critical functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351

DESCRIPTION

u-boot bug that allows for u-boot shell and interrupt over UART . Google of Chromecast Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-48426 // JVNDB: JVNDB-2023-029351

AFFECTED PRODUCTS

vendor:googlemodel:chromecastscope:eqversion:5.0

Trust: 1.0

vendor:googlemodel:chromecastscope: - version: -

Trust: 0.8

vendor:googlemodel:chromecastscope:eqversion: -

Trust: 0.8

vendor:googlemodel:chromecastscope:eqversion:chromecast firmware 5.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351 // NVD: CVE-2023-48426

CVSS

SEVERITY

CVSSV2

CVSSV3

dsap-vuln-management@google.com: CVE-2023-48426
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2023-029351
value: CRITICAL

Trust: 0.8

dsap-vuln-management@google.com: CVE-2023-48426
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2023-029351
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351 // NVD: CVE-2023-48426

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:Lack of authentication for critical features (CWE-306) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351 // NVD: CVE-2023-48426

EXTERNAL IDS

db:NVDid:CVE-2023-48426

Trust: 2.6

db:JVNDBid:JVNDB-2023-029351

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351 // NVD: CVE-2023-48426

REFERENCES

url:https://source.android.com/docs/security/bulletin/chromecast/2023-12-01

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-48426

Trust: 0.8

sources: JVNDB: JVNDB-2023-029351 // NVD: CVE-2023-48426

SOURCES

db:JVNDBid:JVNDB-2023-029351
db:NVDid:CVE-2023-48426

LAST UPDATE DATE

2025-07-29T23:26:20.380000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-029351date:2025-07-28T06:35:00
db:NVDid:CVE-2023-48426date:2025-07-24T15:24:07.530

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-029351date:2025-07-28T00:00:00
db:NVDid:CVE-2023-48426date:2024-04-05T16:15:07.580