Multilaser RE057/RE170 Backup File param.file.tgz information disclosure
CVE-2023-0658

7.5HIGH

Key Information:

Vendor: Multilaser
Status: RE057; RE170
Vendor: CVE Published:; 3 February 2023

What is CVE-2023-0658?

A vulnerability within the Backup File Handler of Multilaser RE057 and RE170 devices allows for unauthorized information exposure through manipulation of the /param.file.tgz component. This vulnerability can be exploited remotely, placing users at risk of data being compromised. Security measures should be implemented to protect against potential exploitation of this weakness.

Affected Version(s)

RE057 2.1

RE057 2.2

RE170 2.1

References

https://vuldb.com/?id.220053

vdb-entrytechnical-description

https://vuldb.com/?ctiid.220053

signature

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Feb 2, 2023

Credit

c4ng4c3ir0 (VulDB User)