Vulnerabilities > CVE-2023-47573 - Missing Authorization vulnerability in Relyum Rely-Pcie Firmware and Rely-Rec Firmware

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

relyum

CWE-862

NVD

Published: 2023-12-13

Updated: 2023-12-15

Summary

An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions.

Vulnerable Configurations

Part	Description	Count
OS	Relyum Relyum Rely Pcie Firmware 22.2.1 Relyum Rely REC Firmware 23.1.0	2
Hardware	Relyum Relyum Rely Pcie - Relyum Rely REC -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.relyum.com/web/support/vulnerability-report/