CVE-2023-45194

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45194
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU99039725/ Third Party Advisory
https://www.mrl.co.jp/20231005_security/ Patch Vendor Advisory
https://jvn.jp/en/vu/JVNVU99039725/ Third Party Advisory
https://www.mrl.co.jp/20231005_security/ Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-d:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-k:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-s:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-dks_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-dks:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-m:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:mrl:mr-gm2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm2:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:mrl:mr-gm3-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-w:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:26

Type Values Removed Values Added
References () https://jvn.jp/en/vu/JVNVU99039725/ - Third Party Advisory () https://jvn.jp/en/vu/JVNVU99039725/ - Third Party Advisory
References () https://www.mrl.co.jp/20231005_security/ - Patch, Vendor Advisory () https://www.mrl.co.jp/20231005_security/ - Patch, Vendor Advisory

31 Oct 2023, 18:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3
CWE CWE-798
CPE cpe:2.3:h:mrl:mr-gm2:-:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-m_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-w_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-k_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-k:-:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-d:-:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-s:-:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-dks_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-s_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-m:-:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-w:-:*:*:*:*:*:*:*
cpe:2.3:o:mrl:mr-gm3-d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:mrl:mr-gm3-dks:-:*:*:*:*:*:*:*
References (MISC) https://www.mrl.co.jp/20231005_security/ - (MISC) https://www.mrl.co.jp/20231005_security/ - Patch, Vendor Advisory
References (MISC) https://jvn.jp/en/vu/JVNVU99039725/ - (MISC) https://jvn.jp/en/vu/JVNVU99039725/ - Third Party Advisory
First Time Mrl mr-gm3-w
Mrl mr-gm3-w Firmware
Mrl mr-gm3-m
Mrl mr-gm2 Firmware
Mrl mr-gm3-k Firmware
Mrl mr-gm2
Mrl mr-gm3-m Firmware
Mrl mr-gm3-d
Mrl mr-gm3-s Firmware
Mrl mr-gm3-k
Mrl mr-gm3-d Firmware
Mrl mr-gm3-dks
Mrl mr-gm3-dks Firmware
Mrl mr-gm3-s
Mrl

11 Oct 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-11 01:15

Updated : 2024-11-21 08:26

NVD link : CVE-2023-45194

Mitre link : CVE-2023-45194

CVE.ORG link : CVE-2023-45194

JSON object : View

Products Affected

mrl

  • mr-gm3-w_firmware
  • mr-gm3-s_firmware
  • mr-gm3-m_firmware
  • mr-gm3-dks_firmware
  • mr-gm3-dks
  • mr-gm2_firmware
  • mr-gm3-m
  • mr-gm3-s
  • mr-gm2
  • mr-gm3-k_firmware
  • mr-gm3-d_firmware
  • mr-gm3-k
  • mr-gm3-w
  • mr-gm3-d
CWE
CWE-798

Use of Hard-coded Credentials