CVE-2023-43478 HIGH

CVE-2023-43478: Unauthenticated configuration restore and firmware update

Vendor: Telstra
Product: Smart Modem Gen 2 (Arcadyan LH1000)
Published: September 20, 2023
Last update: September 24, 2024

CVSS base score

8.8/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. 

Key dates

02 Disclosure timeline

September 20, 2023: CVE published
September 24, 2024: Record updated