The MDS-G4028-L3 series and EDS-G512E series are affected by vulnerabilities that pose potential security risks. The MDS-G4028-L3 series is vulnerable to CVE-2023-48795, which could allow unauthorized access, as well as an outdated version of Nginx (CVE-2021-23017, CVE-2021-3618, and CVE-2019-20372), exposing it to unpatched threats. The EDS-G512E series is impacted by a weak SSL/TLS key exchange, which could compromise encrypted communications and potentially allow data interception.
The identified vulnerability types and potential impacts are listed below:
Item |
Vulnerability Type |
Impact |
1 |
CWE-354 Improper Validation of Integrity Check Value (CVE-2023-48795)
|
Integrity checks usually use a secret key that helps authenticate the data origin. Skipping integrity checking generally opens up the possibility that new data from an invalid source can be injected. |
2 |
CWE-193 Off-by-one Error (CVE-2021-23017) |
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high. |
3 |
CWE-295 Improper Certificate Validation (CVE-2021-3618) |
Bypass protection mechanism or gain privileges or assume identity. |
4 |
CWE-444 Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) (CVE-2019-20372) |
An attacker could create HTTP messages to exploit a number of weaknesses including 1) the message can trick the web server to associate a URL with another URL's webpage and caching the contents of the webpage (web cache poisoning attack), 2) the message can be structured to bypass the firewall protection mechanisms and gain unauthorized access to a web application, and 3) the message can invoke a script or a page that returns client credentials (similar to a Cross Site Scripting attack). |
5 |
CWE-326: Inadequate Encryption Strength |
An attacker may be able to decrypt the data using brute force attacks. |
Vulnerability Scoring Details
ID
|
Base Score
|
Vector
|
Unauthenticated Remote Exploits
|
CVE-2023-48795 |
5.9
|
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
|
Yes |
CVE-2021-23017 |
7.7 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L |
Yes |
CVE-2021-3618 |
7.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Yes |
CVE-2019-20372 |
5.3 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Yes |