CVE-2023-4462

Summary

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.

Affected Software

VendorProductVersion RangeStatus
PolyTrio 8300n/aaffected
PolyTrio 8500n/aaffected
PolyTrio 8800n/aaffected
PolyTrio C60n/aaffected
PolyCCX 350n/aaffected
PolyCCX 400n/aaffected
PolyCCX 500n/aaffected
PolyCCX 505n/aaffected
PolyCCX 600n/aaffected
PolyCCX 700n/aaffected
PolyEDGE E100n/aaffected
PolyEDGE E220n/aaffected
PolyEDGE E300n/aaffected
PolyEDGE E320n/aaffected
PolyEDGE E350n/aaffected
PolyEDGE E400n/aaffected
PolyEDGE E450n/aaffected
PolyEDGE E500n/aaffected
PolyEDGE E550n/aaffected
PolyVVX 101n/aaffected
PolyVVX 150n/aaffected
PolyVVX 201n/aaffected
PolyVVX 250n/aaffected
PolyVVX 300n/aaffected
PolyVVX 301n/aaffected
PolyVVX 310n/aaffected
PolyVVX 311n/aaffected
PolyVVX 350n/aaffected
PolyVVX 400n/aaffected
PolyVVX 401n/aaffected
PolyVVX 410n/aaffected
PolyVVX 411n/aaffected
PolyVVX 450n/aaffected
PolyVVX 500n/aaffected
PolyVVX 501n/aaffected
PolyVVX 600n/aaffected
PolyVVX 601n/aaffected

Weaknesses

  • CWE-330: CWE-330 Insufficiently Random Values

ADP Enrichment

CVE Program Container

Additional References

References