The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-068-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-03-13T20:15:51.389Z
Updated: 2023-03-13T20:20:29.714Z
Reserved: 2023-01-17T19:27:15.123Z
Link: CVE-2023-0352
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-13T21:15:13.653
Modified: 2023-11-07T04:00:16.280
Link: CVE-2023-0352
JSON object: View
Redhat Information
No data.
CWE
No CWE.