MidnightBSD

Advisories for sunellsecurity

CVE-2023-23458

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
cna@cyber.gov.il 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
sunellsecurity sn-xvr3808e2_firmware -
sunellsecurity sn-adr3808e1_firmware -
sunellsecurity sn-adr3816e1_firmware -
sunellsecurity sn-xvr3804e1_firmware -
sunellsecurity sn-adr3804e1_firmware -
sunellsecurity sn-adr3816e2_firmware -
sunellsecurity sn-adr3808e2_firmware -
CVE-2023-23463

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
cna@cyber.gov.il 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
sunellsecurity sn-xvr3808e2_firmware -
sunellsecurity sn-adr3808e1_firmware -
sunellsecurity sn-adr3816e1_firmware -
sunellsecurity sn-xvr3804e1_firmware -
sunellsecurity sn-adr3804e1_firmware -
sunellsecurity sn-adr3816e2_firmware -
sunellsecurity sn-adr3808e2_firmware -