Vulnerability Description
Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.
CVSS Score
6.3
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juplink | Rx4-1500 Firmware | >= 1.0.2, <= 1.0.5 |
| Juplink | Rx4-1500 | - |
Related Weaknesses (CWE)
References
- https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-hard-coded-credential-vPermissions RequiredThird Party Advisory
- https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-hard-coded-credential-vPermissions RequiredThird Party Advisory
FAQ
What is CVE-2023-41030?
CVE-2023-41030 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.
How severe is CVE-2023-41030?
CVE-2023-41030 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-41030?
Check the references section above for vendor advisories and patch information. Affected products include: Juplink Rx4-1500 Firmware, Juplink Rx4-1500.