CVE-2023-42769
26.10.2023, 17:15
The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
Enginsight
Vendor | Product | Version |
---|---|---|
sielco | analog_fm_transmitter_exc5000gx_firmware | - |
sielco | analog_fm_transmitter_exc120gx_firmware | - |
sielco | analog_fm_transmitter_exc300gx_firmware | - |
sielco | analog_fm_transmitter_exc1600gx_firmware | - |
sielco | analog_fm_transmitter_exc2000gx_firmware | - |
sielco | analog_fm_transmitter_exc1000gx_firmware | - |
sielco | analog_fm_transmitter_exc3000gx_firmware | - |
sielco | analog_fm_transmitter_exc30gt_firmware | - |
sielco | analog_fm_transmitter_exc300gt_firmware | - |
sielco | analog_fm_transmitter_exc100gt_firmware | - |
sielco | analog_fm_transmitter_exc5000gt_firmware | - |
sielco | analog_fm_transmitter_exc1000gt_firmware | - |
sielco | analog_fm_transmitter_exc120gt_firmware | - |
sielco | radio_link_rtx19_firmware | - |
sielco | radio_link_exc19_firmware | - |
Common Weakness Enumeration
- CWE-284 - Improper Access Control: The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
- CWE-307 - Improper Restriction of Excessive Authentication Attempts: The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.