Vulnerability Description
Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icom | Sr-7100Vn Firmware | < 1.39\(n\) |
| Icom | Sr-7100Vn | - |
| Icom | Sr-7100Vn\#31 Firmware | < 1.22 |
| Icom | Sr-7100Vn\#31 | - |
References
- https://jvn.jp/en/jp/JVN80476232/Third Party Advisory
- https://www.icom.co.jp/news/7239/Vendor Advisory
- https://jvn.jp/en/jp/JVN80476232/Third Party Advisory
- https://www.icom.co.jp/news/7239/Vendor Advisory
FAQ
What is CVE-2023-28390?
CVE-2023-28390 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the...
How severe is CVE-2023-28390?
CVE-2023-28390 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28390?
Check the references section above for vendor advisories and patch information. Affected products include: Icom Sr-7100Vn Firmware, Icom Sr-7100Vn, Icom Sr-7100Vn\#31 Firmware, Icom Sr-7100Vn\#31.