CVE-2023-45194
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
11/10/2023
Last modified:
31/10/2023
Description
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:mrl:mr-gm3-d_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-d:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm3-k_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-k:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm3-s_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm3-dks_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-dks:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm3-m_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-m:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm2_firmware:*:*:*:*:*:*:*:* | 3.01.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:mrl:mr-gm3-w_firmware:*:*:*:*:*:*:*:* | 1.04.00 (excluding) | |
| cpe:2.3:h:mrl:mr-gm3-w:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page