CVE-2023-31634

EUVD-2023-35930
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
teslamateteslamate
𝑥
< 1.27.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
teslamate_projectteslamate
𝑥
< 1.27.2
ADP
Common Weakness Enumeration
References
https://github.com/XC9409/CVE-2023-31634/blob/main/PoC
https://github.com/adriankumpf/teslamate/releases/tag/v1.27.2
https://github.com/XC9409/CVE-2023-31634/blob/main/PoC
https://github.com/adriankumpf/teslamate/releases/tag/v1.27.2