CVE-2023-31808 : Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded pas

Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.

Published 2023-09-19 14:15:21

Updated 2023-09-21 13:14:27

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-31808

Technicolor » Tg670 Firmware » Version: 10.5.n.9
cpe:2.3:o:technicolor:tg670_firmware:10.5.n.9:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tg670 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-31808

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-31808

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-31808

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-31808

https://www.kb.cert.org/vuls/id/913565

VU#913565 - Hard-coded credentials in Technicolor TG670 DSL gateway router
Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2023-31808

Products affected by CVE-2023-31808

Exploit prediction scoring system (EPSS) score for CVE-2023-31808

CVSS scores for CVE-2023-31808

CWE ids for CVE-2023-31808

References for CVE-2023-31808