Summary
| Detail | |||
|---|---|---|---|
| Vendor | Eurotel | First view | 2023-12-19 |
| Product | etl3100 Firmware | Last view | 2023-12-19 |
| Version | 01x37 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:eurotel:etl3100_firmware | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2023-12-19 | CVE-2023-6930 | EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. |
| 9.8 | 2023-12-19 | CVE-2023-6929 | EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities. |
| 9.8 | 2023-12-19 | CVE-2023-6928 | EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-639 | Access Control Bypass Through User-Controlled Key |
| 50% (1) | CWE-307 | Improper Restriction of Excessive Authentication Attempts |
