CVE-2023-6930 CRITICAL

CVE-2023-6930: Improper Access Control in EuroTel ETL3100

Vendor Eurotel

Product ETL3100

Weakness CWE-284

Published December 19, 2023

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

9.4/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access.

Key dates

02Disclosure timeline

December 19, 2023 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6930 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2023-6930

CWE CWE-284

CVSS 9.4 / CRITICAL

Affected versions

Vendor Eurotel

Product ETL3100

Affected v01c01

Vendor Eurotel

Product ETL3100

Affected v01x37

CVE-2023-6930: Improper Access Control in EuroTel ETL3100

01Description

02Disclosure timeline

03References

04Related CVE