Lucene search
IcscertCVE-2023-22389HistoryJan 30, 2023 - 11:15 p.m.
CVE-2023-22389
2023-01-3023:15:11
CWE-256
icscert
web.nvd.nist.gov
21
cve-2023-22389
nvd
security
plaintext password
vulnerability
snap one wattbox
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
29.1%
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.
Affected configurations
Node
snapavwattbox_wb-300-ip-3_firmwareRange≤wb10.9a17
snapavwattbox_wb-300-ip-3Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| snapav | wattbox_wb-300-ip-3_firmware | * | cpe:2.3:o:snapav:wattbox_wb-300-ip-3_firmware:*:*:*:*:*:*:*:* |
| snapav | wattbox_wb-300-ip-3 | - | cpe:2.3:h:snapav:wattbox_wb-300-ip-3:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Wattbox WB-300-IP-3",
"vendor": "Snap One",
"versions": [
{
"lessThanOrEqual": "WB10.9a17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2023-22389
2023-01-30 23:15:11
prion
prion
Design/Logic Flaw
2023-01-30 23:15:00
cvelist
cvelist
CVE-2023-22389
2023-01-30 22:06:22
ics
ics
Snap One Wattbox WB-300-IP-3
2023-01-26 12:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.3
Confidence
High
EPSS
0.001
Percentile
29.1%
Related for CVE-2023-22389