The ioLogik E1200 Series prior to version 3.3 is affected by web application vulnerabilities.
CVE-2023-5961
A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request.
CVE-2023-5962
A vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data.
The identified vulnerability types and potential impacts are shown below:
| Item | Vulnerability Type | Impact |
|---|---|---|
| 1 | Cross-Site Request Forgery (CSRF) (CWE-352), CVE-2023-5961 | This vulnerability may lead an attacker to perform operations on behalf of the victimized user. |
| 2 | Use of a Broken or Risky Cryptographic Algorithm (CWE-327), CVE-2023-5962 | This vulnerability may lead an attacker to get unexpected authorization. |
Vulnerability Scoring Details
| ID | CVSS V3.1 | VECTOR | REMOTE EXPLOIT WITHOUT AUTH? |
|---|---|---|---|
| CVE-2023-5961 | 8.8 | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | Yes |
| CVE-2023-5962 | 6.5 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | No |