Access Control Bypass Vulnerability in Multilaser Routers
CVE-2023-38945

9.8CRITICAL

Key Information:

Vendor: Multilaser
Status: Re160 Firmware
Vendor: CVE Published:; 6 March 2024

What is CVE-2023-38945?

Several Multilaser router models are vulnerable to an access control bypass due to improper handling of URL requests. Attackers can exploit this flaw by crafting specific URLs, which allows them to bypass security measures and gain unauthorized access to the affected routers. This highlights the importance of securing web interfaces and maintaining updated firmware to mitigate such risks.

References

http://seclists.org/fulldisclosure/2024/Mar/1

mailing-list

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2024