Lucene search

[email protected]NVD:CVE-2023-7209

HistoryJan 07, 2024 - 9:15 a.m.

CVE-2023-7209

2024-01-0709:15:08

CWE-404

[email protected]

web.nvd.nist.gov

uniway router

critical

denial of service

remote attack

disclosure

vdb-249758

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.8%

JSON

A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Nvd

Node

uniwayinfouw-302vp_firmwareRange≤2.0

AND

uniwayinfouw-302vpMatch-

Node

uniwayinfouw-301vpw_firmwareRange≤2.0

AND

uniwayinfouw-301vpwMatch-

Node

uniwayinfouw-311vpw_firmwareRange≤2.0

AND

uniwayinfouw-311vpwMatch-

Node

uniwayinfouw-101x_firmwareRange≤2.0

AND

uniwayinfouw-101xMatch-

Node

uniwayinfouw-323dac_firmwareRange≤2.0

AND

uniwayinfouw-323dacMatch-

VendorProductVersionCPE
uniwayinfouw-302vp_firmware*cpe:2.3:o:uniwayinfo:uw-302vp_firmware:*:*:*:*:*:*:*:*
uniwayinfouw-302vp-cpe:2.3:h:uniwayinfo:uw-302vp:-:*:*:*:*:*:*:*
uniwayinfouw-301vpw_firmware*cpe:2.3:o:uniwayinfo:uw-301vpw_firmware:*:*:*:*:*:*:*:*
uniwayinfouw-301vpw-cpe:2.3:h:uniwayinfo:uw-301vpw:-:*:*:*:*:*:*:*
uniwayinfouw-311vpw_firmware*cpe:2.3:o:uniwayinfo:uw-311vpw_firmware:*:*:*:*:*:*:*:*
uniwayinfouw-311vpw-cpe:2.3:h:uniwayinfo:uw-311vpw:-:*:*:*:*:*:*:*
uniwayinfouw-101x_firmware*cpe:2.3:o:uniwayinfo:uw-101x_firmware:*:*:*:*:*:*:*:*
uniwayinfouw-101x-cpe:2.3:h:uniwayinfo:uw-101x:-:*:*:*:*:*:*:*
uniwayinfouw-323dac_firmware*cpe:2.3:o:uniwayinfo:uw-323dac_firmware:*:*:*:*:*:*:*:*
uniwayinfouw-323dac-cpe:2.3:h:uniwayinfo:uw-323dac:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
uniwayinfo	uw-302vp_firmware	*	cpe:2.3:o:uniwayinfo:uw-302vp_firmware::::::::
uniwayinfo	uw-302vp	-	cpe:2.3:h:uniwayinfo:uw-302vp:-:::::::*
uniwayinfo	uw-301vpw_firmware	*	cpe:2.3:o:uniwayinfo:uw-301vpw_firmware::::::::
uniwayinfo	uw-301vpw	-	cpe:2.3:h:uniwayinfo:uw-301vpw:-:::::::*
uniwayinfo	uw-311vpw_firmware	*	cpe:2.3:o:uniwayinfo:uw-311vpw_firmware::::::::
uniwayinfo	uw-311vpw	-	cpe:2.3:h:uniwayinfo:uw-311vpw:-:::::::*
uniwayinfo	uw-101x_firmware	*	cpe:2.3:o:uniwayinfo:uw-101x_firmware::::::::
uniwayinfo	uw-101x	-	cpe:2.3:h:uniwayinfo:uw-101x:-:::::::*
uniwayinfo	uw-323dac_firmware	*	cpe:2.3:o:uniwayinfo:uw-323dac_firmware::::::::
uniwayinfo	uw-323dac	-	cpe:2.3:h:uniwayinfo:uw-323dac:-:::::::*

References

drive.google.com/file/d/1XDZA4ibiYNcxTwq60vYCr03_6M_cvJ_2/view?usp=sharing

vuldb.com/?ctiid.249758

vuldb.com/?id.249758

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

34.8%

JSON

Related for NVD:CVE-2023-7209

cve1 cvelist1 prion1