CVE-2023-22389

CVSS V2 None CVSS V3 None
Description
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any user accessing the file.
Overview
  • CVE ID
  • CVE-2023-22389
  • Assigner
  • ics-cert@hq.dhs.gov
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-30T23:15:11
  • Last Modified Date
  • 2023-02-07T14:29:48
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:snapav:wattbox_wb-300-ip-3_firmware:*:*:*:*:*:*:*:* 1 OR wb10.9a17
cpe:2.3:h:snapav:wattbox_wb-300-ip-3:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-03 Third Party Advisory US Government Resource
History
Created Old Value New Value Data Type Notes
2023-04-17 06:58:49 Added to TrackCVE
2023-04-17 06:58:51 Weakness Enumeration new