Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-26154

Summary
Assigner-snyk
Assigner Org ID-bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At-06 Dec, 2023 | 05:00
Updated At-02 Aug, 2024 | 11:39
Rejected At-
Credits

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:snyk
Assigner Org ID:bae035ff-b466-4ff4-94d0-fc9efd9e1730
Published At:06 Dec, 2023 | 05:00
Updated At:02 Aug, 2024 | 11:39
Rejected At:
▼CVE Numbering Authority (CNA)

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.

Affected Products
Vendor
n/a
Product
pubnub
Versions
Affected
  • From 0 before 7.4.0 (semver)
Vendor
n/a
Product
com.pubnub:pubnub
Versions
Affected
  • From 0 before * (semver)
Vendor
n/a
Product
Pubnub
Versions
Affected
  • From 0 before 6.19.0 (semver)
Vendor
n/a
Product
github.com/pubnub/go
Versions
Affected
  • From 0 before * (semver)
Vendor
n/a
Product
github.com/pubnub/go/v7
Versions
Affected
  • From 0 before 7.2.0 (semver)
Vendor
n/a
Product
pubnub
Versions
Affected
  • From 0 before 7.3.0 (semver)
Vendor
n/a
Product
pubnub/pubnub
Versions
Affected
  • From 0 before 6.1.0 (semver)
Vendor
n/a
Product
pubnub
Versions
Affected
  • From 0 before 5.3.0 (semver)
Vendor
n/a
Product
pubnub
Versions
Affected
  • From 0 before 0.4.0 (semver)
Vendor
n/a
Product
pubnub/c-core
Versions
Affected
  • From 0 before 4.5.0 (semver)
Vendor
n/a
Product
com.pubnub:pubnub-kotlin
Versions
Affected
  • From 0 before 7.7.0 (semver)
Vendor
n/a
Product
pubnub/swift
Versions
Affected
  • From 0 before 6.2.0 (semver)
Vendor
n/a
Product
PubNub
Versions
Affected
  • From 0 before 5.2.0 (semver)
Vendor
n/a
Product
pubnub
Versions
Affected
  • From 0 before 4.3.0 (semver)
Problem Types
TypeCWE IDDescription
N/AN/AInsufficient Entropy
Type: N/A
CWE ID: N/A
Description: Insufficient Entropy
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Varga Daniel
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
N/A
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
N/A
https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
N/A
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
N/A
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
N/A
https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
N/A
https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
N/A
https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
N/A
https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
N/A
https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
N/A
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
N/A
https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
N/A
https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
N/A
https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
N/A
https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0
N/A
https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70
N/A
https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
Resource: N/A
Hyperlink: https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
Resource: N/A
Hyperlink: https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0
Resource: N/A
Hyperlink: https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70
Resource: N/A
Hyperlink: https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
x_transferred
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
x_transferred
https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
x_transferred
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
x_transferred
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
x_transferred
https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
x_transferred
https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
x_transferred
https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
x_transferred
https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
x_transferred
https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
x_transferred
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
x_transferred
https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
x_transferred
https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
x_transferred
https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
x_transferred
https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0
x_transferred
https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70
x_transferred
https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
Resource:
x_transferred
Hyperlink: https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
Resource:
x_transferred
Hyperlink: https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0
Resource:
x_transferred
Hyperlink: https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70
Resource:
x_transferred
Hyperlink: https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:report@snyk.io
Published At:06 Dec, 2023 | 05:15
Updated At:11 Dec, 2023 | 17:48

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
pubnub
pubnub
>>c-core>>Versions before 4.5.0(exclusive)
cpe:2.3:a:pubnub:c-core:*:*:*:*:*:*:*:*
pubnub
pubnub
>>kotlin>>Versions before 7.7.0(exclusive)
cpe:2.3:a:pubnub:kotlin:*:*:*:*:*:*:*:*
pubnub
pubnub
>>pubnub>>Versions before 0.4.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions before 7.2.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:go:*:*
pubnub
pubnub
>>pubnub>>Versions from 3.6.4(inclusive) to 4.3.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions from 4.3.1(inclusive) to 5.2.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions from 6.0.0(inclusive) to 6.1.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions from 6.2.0(inclusive) to 6.19.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions from 7.0.0(inclusive) to 7.3.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>pubnub>>Versions from 7.3.1(inclusive) to 7.4.0(exclusive)
cpe:2.3:a:pubnub:pubnub:*:*:*:*:*:-:*:*
pubnub
pubnub
>>swift>>Versions before 6.2.0(exclusive)
cpe:2.3:a:pubnub:swift:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-331Primarynvd@nist.gov
CWE-331Secondaryreport@snyk.io
CWE ID: CWE-331
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-331
Type: Secondary
Source: report@snyk.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0report@snyk.io
Exploit
Issue Tracking
https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70report@snyk.io
Broken Link
https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119report@snyk.io
Patch
https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381report@snyk.io
Third Party Advisory
https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379report@snyk.io
Third Party Advisory
Hyperlink: https://gist.github.com/vargad/20237094fce7a0a28f0723d7ce395bb0
Source: report@snyk.io
Resource:
Exploit
Issue Tracking
Hyperlink: https://github.com/pubnub/javascript/blob/master/src/crypto/modules/web.js%23L70
Source: report@snyk.io
Resource:
Broken Link
Hyperlink: https://github.com/pubnub/javascript/commit/fb6cd0417cbb4ba87ea2d5d86a9c94774447e119
Source: report@snyk.io
Resource:
Patch
Hyperlink: https://security.snyk.io/vuln/SNYK-COCOAPODS-PUBNUB-6098384
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-DOTNET-PUBNUB-6098372
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGO-6098373
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPUBNUBGOV7-6098374
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098371
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-JAVA-COMPUBNUB-6098380
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-JS-PUBNUB-5840690
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-PHP-PUBNUBPUBNUB-6098376
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-PUB-PUBNUB-6098385
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-PYTHON-PUBNUB-6098375
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-RUBY-PUBNUB-6098377
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-RUST-PUBNUB-6098378
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-SWIFT-PUBNUBSWIFT-6098381
Source: report@snyk.io
Resource:
Third Party Advisory
Hyperlink: https://security.snyk.io/vuln/SNYK-UNMANAGED-PUBNUBCCORE-6098379
Source: report@snyk.io
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2022-34746
Matching Score-4
Assigner-Zyxel Corporation
ShareView Details
Matching Score-4
Assigner-Zyxel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-20 Sep, 2022 | 01:50
Updated-29 May, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface.

Action-Not Available
Vendor-Zyxel Networks Corporation
Product-gs1900-24hpv2_firmwaregs1900-10hpgs1900-24_firmwaregs1900-24e_firmwaregs1900-8gs1900-8hp_firmwaregs1900-48_firmwaregs1900-48hpv2_firmwaregs1900-48hpv2gs1900-24epgs1900-24ep_firmwaregs1900-24gs1900-8hpgs1900-24egs1900-24hpv2gs1900-8_firmwaregs1900-48gs1900-16_firmwaregs1900-10hp_firmwaregs1900-16Zyxel GS1900 series firmware
CWE ID-CWE-331
Insufficient Entropy
CVE-2023-36610
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 31.67%
||
7 Day CHG~0.00%
Published-03 Jul, 2023 | 20:01
Updated-25 Oct, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

​The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token are generated using predictable time-based values. An attacker with this knowledge could successfully brute force the token and authenticate themselves.

Action-Not Available
Vendor-ovarroOvarro
Product-tbox_lt2_firmwaretbox_ms-cpu32-s2_firmwaretbox_ms-cpu32-s2tbox_ms-cpu32tbox_rm2_firmwaretbox_ms-cpu32_firmwaretbox_lt2tbox_tg2tbox_tg2_firmwaretbox_rm2TBox RM2TBox MS-CPU32​TBox MS-CPU32-S2TBox TG2TBox LT2
CWE ID-CWE-331
Insufficient Entropy
Details not found