CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.

:::

*   首頁
*   資安服務
*   台灣漏洞揭露平台 (TVN)
*   TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202311011

CVE ID

CVE-2023-41355

CVSS

9.8 (Critical)  
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

影響產品

NOKIA G-040W-Q: G040WQR201207

問題描述

中華電信NOKIA G-040W-Q的防火牆功能未阻擋 ICMP redirect請求，未經驗證攻擊者可利用此漏洞進行DoS攻擊或是造成流量外洩。

解決方法

更新韌體版本至G040WQR231013

漏洞通報者

Ta-Lun Yen(TXOne Networks)

公開日期

2023-11-03

Headline

CVE-2023-41355: 中華電信 NOKIA G-040W-Q-Improper Input Validation

CVE: Latest News