Vulnerabilities > CVE-2023-3770 - Missing Authorization vulnerability in Ingeteam Ingepac Da3451 Firmware 0.29.2.42

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ingeteam

CWE-862

NVD

Published: 2023-10-02

Updated: 2023-10-04

Summary

Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.

Vulnerable Configurations

Part	Description	Count
OS	Ingeteam Ingeteam Ingepac Da3451 Firmware 0.29.2.42	1
Hardware	Ingeteam Ingeteam Ingepac Da3451 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products