CVE-2023-39171 : SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible w

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

Published 2023-12-07 15:15:10

Updated 2023-12-07 16:09:28

Source CERT VDE

View at NVD, CVE.org

Products affected by CVE-2023-39171

We don't have affected product information for this CVE yet

EPSS FAQ

0.30%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 50 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	CERT VDE
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: info@cert.vde.com (Primary)

https://seclists.org/fulldisclosure/2023/Nov/2

Full Disclosure: Senec Inverters Home V1, V2, V3 Home & Hybrid Publicly Accessible Management Interface “Local GUI”- CVE-2023-39171

Jump to