Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-41354: 中華電信 NOKIA G-040W-Q - Exposure of Sensitive Information

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.

CVE
#vulnerability#nokia#auth

:::

  • 首頁
  • 資安服務
  • 台灣漏洞揭露平台 (TVN)
  • TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202311010

CVE ID

CVE-2023-41354

CVSS

4.0(Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

影響產品

NOKIA G-040W-Q: G040WQR201207

問題描述

中華電信NOKIA G-040W-Q 的防火牆功能預設未阻擋 ICMP TIMESTAMP請求,未經驗證攻擊者可利用此漏洞取得部分敏感資訊。

解決方法

更新韌體版本至G040WQR231013

漏洞通報者

Ta-Lun Yen(TXOne Networks)

公開日期

2023-11-03

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907