{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-41351","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2023-08-29T00:11:47.812Z","datePublished":"2023-11-03T05:41:26.852Z","dateUpdated":"2024-09-04T20:10:05.622Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"NOKIA G-040W-Q","vendor":"Chunghwa Telecom","versions":[{"status":"affected","version":"G040WQR201207"}]}],"datePublic":"2023-11-03T06:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."}],"value":"Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."}],"impacts":[{"capecId":"CAPEC-665","descriptions":[{"lang":"en","value":"CAPEC-665 Exploitation of Thunderbolt Protection Flaws"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-288","description":"CWE-288 Authentication Bypass Using an Alternate Path or Channel","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2023-11-03T05:41:26.852Z"},"references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nUpdate version to G040WQR231013.\n\n<br>"}],"value":"\nUpdate version to G040WQR231013.\n\n\n"}],"source":{"advisory":"TVN-202311007","discovery":"EXTERNAL"},"title":"Chunghwa Telecom NOKIA G-040W-Q - Broken Access Control","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:01:34.243Z"},"title":"CVE Program Container","references":[{"url":"https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html","tags":["x_transferred"]}]},{"affected":[{"vendor":"nokia","product":"g-040w-q_firmware","cpes":["cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"G040WQR201207","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-04T20:06:40.510233Z","id":"CVE-2023-41351","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-04T20:10:05.622Z"}}]}}