CVE-2023-6919 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
TR-CERT	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Vendor	Product	Version
biges	vg-4c1a-lru_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-4c1a-lrpu_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-255a-bf_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-255-bv_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-255-df_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-64c8rd-nvr_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-4c1e-nvr_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-8c1e-nvr_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c
biges	vg-8c1a-lrpu_firmware	𝑥 < 500.0003.r008.4011.c0012.b351.c

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-25 - Path Traversal: '/../filedir'
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.

References

https://www.usom.gov.tr/bildirim/tr-24-0054

https://www.usom.gov.tr/bildirim/tr-24-0054