CVE-2023-5777
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Weintek | EasyBuilder Pro | 0 < v6.07.02 | affected |
| Weintek | EasyBuilder Pro | 0 <= 6.08.01.592 | affected |
| Weintek | EasyBuilder Pro | 0 <= 6.08.02.470 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.