CVE-2023-31245 HIGH

CVE-2023-31245

Vendor Snap One

Product OvrC Cloud

Weakness CWE-601 · Open redirect

Published May 22, 2023

Last update January 16, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

Key dates

02Disclosure timeline

May 22, 2023 CVE published

January 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-31245 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

04Related CVE

CVE-2021-38678 Open Redirect Vulnerability in QcalAgent CVE-2026-2376 Mirror-registry: quay: quay: server-side request forgery via open redirect vulnerability in web interface CVE-2024-8883 Keycloak: vulnerable redirect uri validation results in open redirec CVE-2020-24551 IProom MMC+ Server - URL Redirection to Untrusted Site (Open Redirect') CVE-2026-7504 Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak