CVE-2023-25017 HIGH

CVE-2023-25017: Rifartek IOT Wall - Broken Access Control

Vendor Rifartek

Product IOT Wall

Weakness CWE-863 · Incorrect authorization

Published March 27, 2023

Last update February 19, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An authenticated remote attacker with general user privilege is allowed to perform specific privileged function to access and modify all sensitive data.

Key dates

02Disclosure timeline

March 27, 2023 CVE published

February 19, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-25017 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2021-24905 Advanced Contact form 7 DB < 1.8.7 - Subscriber+ Arbitrary File Deletion CVE-2024-10975 Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission CVE-2021-26563 CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access CVE-2025-11060 Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions