CVE-2023-23463 - OpenCVE

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sunellsecurity	Sn-adr3804e1 Sn-xvr3804e1 Firmware Sn-adr3808e1 Sn-adr3808e2 Firmware Sn-adr3816e2 Sn-xvr3804e1 Sn-adr3808e2 Sn-adr3816e1 Sn-adr3804e1 Firmware Sn-xvr3808e2 Sn-adr3816e1 Firmware Sn-xvr3808e2 Firmware Sn-adr3808e1 Firmware Sn-adr3816e2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sunellsecurity:sn-xvr3804e1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-xvr3804e1:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sunellsecurity:sn-xvr3808e2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-xvr3808e2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sunellsecurity:sn-adr3804e1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-adr3804e1:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sunellsecurity:sn-adr3808e1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-adr3808e1:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sunellsecurity:sn-adr3816e1_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-adr3816e1:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:sunellsecurity:sn-adr3808e2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-adr3808e2:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:sunellsecurity:sn-adr3816e2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:sunellsecurity:sn-adr3816e2:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.gov.il/en/Departments/faq/cve_advisories	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: INCD

Published: 2023-02-15T00:00:00

Updated: 2023-02-15T00:00:00

Reserved: 2023-01-12T00:00:00

Link: CVE-2023-23463

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-02-15T19:15:12.640

Modified: 2023-02-24T15:53:58.807

Link: CVE-2023-23463

JSON object: View

Redhat Information

No data.

CWE

CWE-522

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-xvr3804e1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8D1F4B5-2155-4CB9-92AB-36D58A903EC8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-xvr3804e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC36AB47-4477-4459-BE5D-80E13BEF4FB7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-xvr3808e2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "918E8CCB-3CAC-4F5B-A2E0-93544CB6669A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-xvr3808e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8017E6B3-97D4-4ABE-933D-5DA085BD548A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-adr3804e1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B270EE6-5859-48C7-83B8-9939B9D736DC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-adr3804e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "678AF443-C99A-4E69-9C3F-74755289390C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-adr3808e1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "037F9430-B87F-4CBD-833F-3F1079ADBE92", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-adr3808e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "41607B2B-0B1E-4DEC-920D-A2D9985276B2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-adr3816e1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAD819F0-9BCE-41EB-9B50-8AC181502B25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-adr3816e1:-:*:*:*:*:*:*:*", "matchCriteriaId": "08F7B966-9FC9-448F-9C22-90819E7BCC48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-adr3808e2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A4D2A2BF-3D1A-4861-A15F-64E935BE0871", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-adr3808e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F21B9A73-5268-4DFB-8D13-F3C105E4F40A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sunellsecurity:sn-adr3816e2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5536CEF5-1693-4202-9399-006C10A09188", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sunellsecurity:sn-adr3816e2:-:*:*:*:*:*:*:*", "matchCriteriaId": "433FCB67-4EFD-4580-92B6-FD2E944DEAE0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request."}], "id": "CVE-2023-23463", "lastModified": "2023-02-24T15:53:58.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@cyber.gov.il", "type": "Secondary"}]}, "published": "2023-02-15T19:15:12.640", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "cna@cyber.gov.il", "type": "Secondary"}]}