Vulnerabilities > CVE-2023-33468 - Incorrect Authorization vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

kramerav

CWE-863

critical

NVD

Published: 2023-08-09

Updated: 2023-08-16

Summary

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.

Vulnerable Configurations

Part	Description	Count
OS	Kramerav Kramerav VIA GO2 Firmware * Kramerav VIA Connect2 Firmware *	2
Hardware	Kramerav Kramerav VIA GO2 - Kramerav VIA Connect2 -	2

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/Sharpe-nl/CVEs/tree/main/CVE-2023-33468
http://kramerav.com