CVE-2023-38946

An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie.
References
Link Resource
http://seclists.org/fulldisclosure/2024/Mar/2 Exploit Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/2 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:multilaser:re160_firmware:5.07.51_pt_mtl01:*:*:*:*:*:*:*
cpe:2.3:o:multilaser:re160_firmware:5.07.52_pt_mtl01:*:*:*:*:*:*:*
cpe:2.3:h:multilaser:re160:-:*:*:*:*:*:*:*

History

07 Jan 2025, 15:16

Type Values Removed Values Added
CPE cpe:2.3:o:multilaser:re160_firmware:5.07.51_pt_mtl01:*:*:*:*:*:*:*
cpe:2.3:o:multilaser:re160_firmware:5.07.52_pt_mtl01:*:*:*:*:*:*:*
cpe:2.3:h:multilaser:re160:-:*:*:*:*:*:*:*
First Time Multilaser re160
Multilaser
Multilaser re160 Firmware
CWE NVD-CWE-noinfo
References () http://seclists.org/fulldisclosure/2024/Mar/2 - () http://seclists.org/fulldisclosure/2024/Mar/2 - Exploit, Third Party Advisory

Information

Published : 2024-03-06 00:15

Updated : 2025-01-07 15:16


NVD link : CVE-2023-38946

Mitre link : CVE-2023-38946

CVE.ORG link : CVE-2023-38946


JSON object : View

Products Affected

multilaser

  • re160
  • re160_firmware
CWE
NVD-CWE-noinfo CWE-284

Improper Access Control