Lucene search

[email protected]NVD:CVE-2023-29711

HistoryJun 22, 2023 - 12:15 p.m.

CVE-2023-29711

2023-06-2212:15:11

[email protected]

web.nvd.nist.gov

access control

interlink psg-5124

version 1.0.4

arbitrary code

get request

security issue

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.

Affected configurations

Nvd

Node

interlinkpsg-5124_firmwareMatch1.0.4

AND

interlinkpsg-5124Match-

VendorProductVersionCPE
interlinkpsg-5124_firmware1.0.4cpe:2.3:o:interlink:psg-5124_firmware:1.0.4:*:*:*:*:*:*:*
interlinkpsg-5124-cpe:2.3:h:interlink:psg-5124:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interlink	psg-5124_firmware	1.0.4	cpe:2.3:o:interlink:psg-5124_firmware:1.0.4:::::::*
interlink	psg-5124	-	cpe:2.3:h:interlink:psg-5124:-:::::::*

References

github.com/shellpei/LINK-Unauthorized/blob/main/CVE-2023-29711

holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

Related for NVD:CVE-2023-29711

cvelist1 prion1 cve1