CVE-2023-41030 MEDIUM

CVE-2023-41030: Juplink RX4-1500 Hard-coded Credential Vulnerability

Vendor Juplink
Product RX4-1500
Weakness CWE-259
Published September 18, 2023
Last update September 25, 2024

CVSS base score

6.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.

Key dates

02Disclosure timeline

September 18, 2023 CVE published
September 25, 2024 Record updated