CVE-2023-51947
Severity CVSS v4.0:
Pending analysis
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
19/01/2024
Last modified:
20/06/2025
Description
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:actidata:actinas_sl_2u-8_rdx_firmware:3.2.03:sp1:*:*:*:*:*:* | ||
| cpe:2.3:h:actidata:actinas_sl_2u-8_rdx:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://actinas-plus-sl-2u-8-rdx.com
- https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md
- https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx
- http://actinas-plus-sl-2u-8-rdx.com
- https://github.com/saw-your-packet/CVEs/blob/main/CVE-2023-51947/README.md
- https://www.actidata.com/index.php/de-de/actinas-plus-sl-2u-8-rdx