Headline
CVE-2023-29711: LINK-Unauthorized/CVE-2023-29711 at main · shellpei/LINK-Unauthorized
An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.
> [Vulnerability Type]
>> Incorrect Access Control
---------------------------------------------------------------
> [Affected Component]
>> LINK PSG-5124 24-Port L2 Managed Gigabit PoE Switch. LINK
>> SOFTWARE RELEASE:1.0.4
---------------------------------------------------------------
> [Attack Type]
>> Remote
---------------------------------------------------------------
> [Impact Code execution]
>> true
---------------------------------------------------------------
> [Attack Vectors]
>> https://holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366
---------------------------------------------------------------
> [Discoverer]
>> Shellpei
---------------------------------------------------------------
> [Reference]
>> https://holistic-height-e6d.notion.site/LINK-PSG-5124-Switch-remote-command-vulnerability-da4fd8fb450d42879b07ef3a953a2366
---------------------------------------------------------------
> [Vendor of Product]
>> https://interlink.co.th
---------------------------------------------------------------
> [Affected Product Code Base]
>> LINK PSG-5124 LINK SOFTWARE RELEASE:1.0.4