Vulnerability Description
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mrl | Mr-Gm3-D Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-D | - |
| Mrl | Mr-Gm3-K Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-K | - |
| Mrl | Mr-Gm3-S Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-S | - |
| Mrl | Mr-Gm3-Dks Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-Dks | - |
| Mrl | Mr-Gm3-M Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-M | - |
| Mrl | Mr-Gm2 Firmware | < 3.01.00 |
| Mrl | Mr-Gm2 | - |
| Mrl | Mr-Gm3-W Firmware | < 1.04.00 |
| Mrl | Mr-Gm3-W | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/vu/JVNVU99039725/Third Party Advisory
- https://www.mrl.co.jp/20231005_security/PatchVendor Advisory
- https://jvn.jp/en/vu/JVNVU99039725/Third Party Advisory
- https://www.mrl.co.jp/20231005_security/PatchVendor Advisory
FAQ
What is CVE-2023-45194?
CVE-2023-45194 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated a...
How severe is CVE-2023-45194?
CVE-2023-45194 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45194?
Check the references section above for vendor advisories and patch information. Affected products include: Mrl Mr-Gm3-D Firmware, Mrl Mr-Gm3-D, Mrl Mr-Gm3-K Firmware, Mrl Mr-Gm3-K, Mrl Mr-Gm3-S Firmware.