Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-26588

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-11 Apr, 2023 | 00:00
Updated At-11 Feb, 2025 | 21:06
Rejected At-
Credits

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:11 Apr, 2023 | 00:00
Updated At:11 Feb, 2025 | 21:06
Rejected At:
â–¼CVE Numbering Authority (CNA)

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Affected Products
Vendor
BUFFALO INC.BUFFALO INC.
Product
BS-GSL and BS-GS series
Versions
Affected
  • BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier
Problem Types
TypeCWE IDDescription
textN/AUse of hard-coded credentials
Type: text
CWE ID: N/A
Description: Use of hard-coded credentials
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.buffalo.jp/news/detail/20230310-01.html
N/A
https://jvn.jp/en/vu/JVNVU96824262/
N/A
Hyperlink: https://www.buffalo.jp/news/detail/20230310-01.html
Resource: N/A
Hyperlink: https://jvn.jp/en/vu/JVNVU96824262/
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.buffalo.jp/news/detail/20230310-01.html
x_transferred
https://jvn.jp/en/vu/JVNVU96824262/
x_transferred
Hyperlink: https://www.buffalo.jp/news/detail/20230310-01.html
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/vu/JVNVU96824262/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-668CWE-668 Exposure of Resource to Wrong Sphere
Type: CWE
CWE ID: CWE-668
Description: CWE-668 Exposure of Resource to Wrong Sphere
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:11 Apr, 2023 | 09:15
Updated At:11 Feb, 2025 | 21:15

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
BUFFALO INC.
buffalo
>>bs-gsl2024_firmware>>Versions up to 1.10-0.03(inclusive)
cpe:2.3:o:buffalo:bs-gsl2024_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2024>>-
cpe:2.3:h:buffalo:bs-gsl2024:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2016p_firmware>>Versions up to 1.10-0.03(inclusive)
cpe:2.3:o:buffalo:bs-gsl2016p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2016p>>-
cpe:2.3:h:buffalo:bs-gsl2016p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2016_firmware>>Versions up to 1.10-0.03(inclusive)
cpe:2.3:o:buffalo:bs-gsl2016_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2016>>-
cpe:2.3:h:buffalo:bs-gsl2016:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2008_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2008_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2008>>-
cpe:2.3:h:buffalo:bs-gs2008:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2016_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016>>-
cpe:2.3:h:buffalo:bs-gs2016:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2024_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024>>-
cpe:2.3:h:buffalo:bs-gs2024:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2048_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2048_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2048>>-
cpe:2.3:h:buffalo:bs-gs2048:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2008p_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2008p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2008p>>-
cpe:2.3:h:buffalo:bs-gs2008p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016p_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2016p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016p>>-
cpe:2.3:h:buffalo:bs-gs2016p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024p_firmware>>Versions up to 1.0.10.01(inclusive)
cpe:2.3:o:buffalo:bs-gs2024p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024p>>-
cpe:2.3:h:buffalo:bs-gs2024p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2005_firmware>>Versions before 1.12-0.01(exclusive)
cpe:2.3:o:buffalo:bs-gsl2005_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2005>>-
cpe:2.3:h:buffalo:bs-gsl2005:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2008_firmware>>Versions before 1.12-0.01(exclusive)
cpe:2.3:o:buffalo:bs-gsl2008_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2008>>-
cpe:2.3:h:buffalo:bs-gsl2008:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2005p_firmware>>Versions before 1.11-0.01(exclusive)
cpe:2.3:o:buffalo:bs-gsl2005p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2005p>>-
cpe:2.3:h:buffalo:bs-gsl2005p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2008p_firmware>>Versions before 1.11-0.01(exclusive)
cpe:2.3:o:buffalo:bs-gsl2008p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gsl2008p>>-
cpe:2.3:h:buffalo:bs-gsl2008p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016p_firmware>>Versions before 1.1.7.01(exclusive)
cpe:2.3:o:buffalo:bs-gs2016p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016p>>-
cpe:2.3:h:buffalo:bs-gs2016p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016hp_firmware>>Versions before 1.1.7.01(exclusive)
cpe:2.3:o:buffalo:bs-gs2016hp_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2016hp>>-
cpe:2.3:h:buffalo:bs-gs2016hp:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024p_firmware>>Versions before 1.1.7.01(exclusive)
cpe:2.3:o:buffalo:bs-gs2024p_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024p>>-
cpe:2.3:h:buffalo:bs-gs2024p:-:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024hp_firmware>>Versions before 1.1.7.01(exclusive)
cpe:2.3:o:buffalo:bs-gs2024hp_firmware:*:*:*:*:*:*:*:*
BUFFALO INC.
buffalo
>>bs-gs2024hp>>-
cpe:2.3:h:buffalo:bs-gs2024hp:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-668Primarynvd@nist.gov
CWE-668Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-668
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-668
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/vu/JVNVU96824262/vultures@jpcert.or.jp
Patch
Third Party Advisory
https://www.buffalo.jp/news/detail/20230310-01.htmlvultures@jpcert.or.jp
Vendor Advisory
https://jvn.jp/en/vu/JVNVU96824262/af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.buffalo.jp/news/detail/20230310-01.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://jvn.jp/en/vu/JVNVU96824262/
Source: vultures@jpcert.or.jp
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.buffalo.jp/news/detail/20230310-01.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: https://jvn.jp/en/vu/JVNVU96824262/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.buffalo.jp/news/detail/20230310-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

74Records found
CVE-2020-18646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:25
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

Action-Not Available
Vendor-5nonen/a
Product-nonecmsn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-44310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.47%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.

Action-Not Available
Vendor-ecdh_projectn/a
Product-ecdhn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2019-15138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.80%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 19:13
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.

Action-Not Available
Vendor-html-pdf_projectn/a
Product-html-pdfn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-39871
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.18% / 38.53%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-39870
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.18% / 38.53%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-39869
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.18% / 38.53%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-34047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-59.18% / 98.26%
||
7 Day CHG~0.00%
Published-20 Jul, 2022 | 16:50
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wl-wn530hg4wl-wn530hg4_firmwaren/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-32249
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.52%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:31
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)

Action-Not Available
Vendor-SAP SE
Product-business_oneSAP Business one
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-31846
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.38% / 96.38%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn535g3_firmwarewn535g3n/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-31845
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.12% / 97.99%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 13:09
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

Action-Not Available
Vendor-n/aWAVLINK Technology Ltd.
Product-wn535g3_firmwarewn535g3n/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-31649
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.94%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 00:51
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloudn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-30732
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.21% / 43.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:14
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-8449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.96% / 88.48%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:50
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Action-Not Available
Vendor-n/aopenSUSESquid CacheCanonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxsquidfedoraleapn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-5386
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.1||HIGH
EPSS-0.88% / 75.55%
||
7 Day CHG~0.00%
Published-02 Sep, 2020 | 20:55
Updated-16 Sep, 2024 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system.

Action-Not Available
Vendor-Dell Inc.
Product-emc_elastic_cloud_storageElastic Cloud Storage
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-2703
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-23 May, 2023 | 19:19
Updated-17 Jan, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Disclosure in Finex Media's Competition Management System

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.

Action-Not Available
Vendor-finexmediaFinex Media
Product-competition_management_systemCompetition Management System
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-25802
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.26% / 79.60%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 19:35
Updated-25 Feb, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roxy-WI has Path Traversal vulnerability

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don't correctly neutralize `dir/../filename` sequences, such as `/etc/nginx/../passwd`, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.

Action-Not Available
Vendor-roxy-wihap-wi
Product-roxy-wiroxy-wi
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-26
Path Traversal: '/dir/../filename'
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-28145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.30% / 53.12%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 10:21
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.

Action-Not Available
Vendor-wuzhicmsn/a
Product-wuzhicmsn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-27361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-89.18% / 99.55%
||
7 Day CHG~0.00%
Published-01 Jul, 2021 | 15:57
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories.

Action-Not Available
Vendor-n/aAkkadian Labs, LLC
Product-akkadian_provisioning_managern/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-18647
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.74%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 14:25
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

Action-Not Available
Vendor-5nonen/a
Product-nonecmsn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-18754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 51.96%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 16:08
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.

Action-Not Available
Vendor-dccen/a
Product-mac1100_plc_firmwaremac1100_plcn/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-31818
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 22.74%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 00:00
Updated-08 Nov, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.

Action-Not Available
Vendor-marukyun/a
Product-marukyu_linen/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-13670
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-7.5||HIGH
EPSS-0.43% / 62.51%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 15:45
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6.

Action-Not Available
Vendor-The Drupal Association
Product-drupalCore
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-44101
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.66%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:48
Updated-18 Sep, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-22732
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-3.9||LOW
EPSS-0.21% / 42.84%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-05 Feb, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)

Action-Not Available
Vendor-Schneider Electric SE
Product-ecostruxure_power_commissionEcoStruxure Power Commission
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
  • Previous
  • 1
  • 2
  • Next
Details not found