[Japanese]
|
JVNDB-2023-000006
|
Multiple vulnerabilities in PIXELA PIX-RT100
|
PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below.
- OS command injection (CWE-78) - CVE-2023-22304
- Backdoor access issue (CWE-912) - CVE-2023-22316
MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
CVSS V3 Severity: Base Metrics 8.8 (High) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 8.3 (High) [IPA Score]
- Access Vector: Adjacent Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-22316
|
CVSS V3 Severity:
Base Metrics
8.0 (Medium) [IPA Score]
-
Attack Vector: Adjacent Network
-
Attack Complexity: Low
-
Privileges Required: Low
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: High
-
Integrity Impact: High
-
Availability Impact: High
CVSS V2 Severity:Base Metrics
7.7 (Low)
[IPA Score]
-
Access Vector: Adjacent Network
-
Access Complexity: Low
-
Authentication: Single
-
Confidentiality Impact: Complete
-
Integrity Impact: Complete
-
Availability Impact: Complete
The above CVSS base scores have been assigned for CVE-2023-22304
|
|
PIXELA CORPORATION
- PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101
|
|
A user who can login to Setting of the product may execute an arbitrary OS command - CVE-2023-22304
A network-adjacent attacker may access the product via undocumented Telnet or SSH services - CVE-2023-22316
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
According to the developer, these vulnerabilities have been fixed in version RT100_TEQ_2.1.3_EQ101.
|
PIXELA CORPORATION
|
- OS Command Injection(CWE-78) [IPA Evaluation]
- No Mapping(CWE-Other) [IPA Evaluation]
|
- CVE-2023-22304
- CVE-2023-22316
|
- JVN : JVN#57296685
- National Vulnerability Database (NVD) : CVE-2023-22304
- National Vulnerability Database (NVD) : CVE-2023-22316
|
- [2023/01/12]
Web page was published
|