#VU86984 Insecure Default Initialization of Resource in OET-213H-BTS1 - CVE-2024-25972

Cybersecurity Help s.r.o.

Published: 2024-03-04

Vulnerability identifier: #VU86984

Vulnerability risk: Medium

CVSSv4.0: 6.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-25972

CWE-ID: CWE-1188

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
OET-213H-BTS1
Hardware solutions / Other hardware appliances

Vendor: Zhejiang Uniview Technologies

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected product does not perform an authorization check when processing the API requests. A remote attacker on the local network can configure and control the target product.

Mitigation
Install update from vendor's website.

Vulnerable software versions

OET-213H-BTS1: All versions

External links
https://www.atsumi.co.jp/info-20240229.html
https://www.atsumi.co.jp/pdf/oet-213h-bts1.pdf
https://jvn.jp/en/jp/JVN77203800/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Insecure Default Initialization of Resource in OET-213H-BTS1