MidnightBSD

Advisories for rifartek

CVE-2023-25017

RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An authenticated remote attacker with general user privilege is allowed to perform specific privileged function to access and modify all sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
rifartek iot_wall 22
CVE-2023-25018

RIFARTEK IOT Wall transportation function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can inject JavaScript to perform reflected XSS (Reflected Cross-site scripting) attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7
twcert@cert.org.tw 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
rifartek iot_wall 22