Insufficient session expiration in Elenos ETG150 FM... · CVE-2023-39695 · GitHub Advisory Database · GitHub

Insufficient session expiration in Elenos ETG150 FM...

Moderate severity Unreviewed Published Nov 1, 2023 to the GitHub Advisory Database • Updated Nov 18, 2023

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.

References

Published by the National Vulnerability Database

Oct 31, 2023

Published to the GitHub Advisory Database Nov 1, 2023

Last updated Nov 18, 2023

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N