- Description
- An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 6.4
- Exploitability score
- 6.5
- Vector string
- AV:A/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-306
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D622A17-7569-4A0A-A500-E07DF939ACEB",
"versionEndExcluding": "ethernet_r07"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vzug:combi-stream_mslq_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68A4AABA-B6A5-4E1E-A848-F5AB12E7EAFF",
"versionEndExcluding": "wlan_r05"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:vzug:combi-stream_mslq:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "71471F55-CB54-4F42-8A94-92D0CE479028"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]