CVE-2023-45194

Summary

Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

Affected Software

VendorProductVersion RangeStatus
Micro Research Ltd.MR-GM2firmware Ver. 3.00.03 and earlieraffected
Micro Research Ltd.MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W)firmware Ver. 1.03.45 and earlieraffected

Weaknesses

  • Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References