CVE-2023-36608 MEDIUM

CVE-2023-36608

Vendor Ovarro
Product TBox MS-CPU32
Weakness CWE-327 · Broken crypto
Published July 3, 2023
Last update October 25, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm.

Key dates

02Disclosure timeline

July 3, 2023 CVE published
October 25, 2024 Record updated