Vulnerability Description
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Commscope | Dg3450 Firmware | ar01.02.056.18_041520_711.ncs.10 |
| Commscope | Dg3450 | - |
Related Weaknesses (CWE)
References
- https://sec-consult.com/en/vulnerability-lab/advisories/index.htmlExploitThird Party Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-aExploitThird Party Advisory
- https://www.sec-consult.com/en/blog/Not Applicable
- https://sec-consult.com/en/vulnerability-lab/advisories/index.htmlExploitThird Party Advisory
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-aExploitThird Party Advisory
- https://www.sec-consult.com/en/blog/Not Applicable
FAQ
What is CVE-2023-27571?
CVE-2023-27571 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an atta...
How severe is CVE-2023-27571?
CVE-2023-27571 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-27571?
Check the references section above for vendor advisories and patch information. Affected products include: Commscope Dg3450 Firmware, Commscope Dg3450.