CVE-2023-34672

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
elenosetg150_firmware
3.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://elenos.com
https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672
http://elenos.com
https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672