Overview
- Description
- EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:eurotel:etl3100_firmware:01c01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E14B60DA-34A0-479A-B2FA-7055A70130C5"
},
{
"criteria": "cpe:2.3:o:eurotel:etl3100_firmware:01x37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0489194-32E5-485A-A8A5-BE1ECEEB004C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:eurotel:etl3100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7A6661C9-6751-4E03-9FB8-0406FFE752BA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]