CVE-2023-34673

EUVD-2023-38715
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
elenosetg150_firmware
3.12
𝑥
= Vulnerable software versions
References
http://elenos.com
https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34673
http://elenos.com
https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34673