Bypass Access Control and Gain Complete Access to Application via Modifying HTTP Header
CVE-2023-38944

9.8 CRITICAL

Key Information:

Vendor: Multilaser
CVE Published: 6 March 2024

What is CVE-2023-38944?

A vulnerability in the firmware of Multilaser RE160V and RE163V devices permits unauthorized users to bypass established access controls. By altering specific HTTP headers, attackers can gain complete control over the application, leading to potential data exposure and other security risks. Operators should assess devices running vulnerable firmware versions and implement protective measures against such exploits.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
