CVE-2023-3703 - Vulnerability Details

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Exploitation none

Automatable yes

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Proscend Advice

ICR Series routers FW

unaffected

Version	Status	Constraints
`version 1.76`	affected	< Upgrade to fw version 2.24.

Configuration 1 [-]

AND

cpe:2.3:o:proscend:m357-5g_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m357-5g:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:proscend:m357-ai_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m357-ai:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:proscend:m350-5g_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-5g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:proscend:m350-w5g_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-w5g:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:proscend:m350-6_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-6:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:proscend:m350-w6_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-w6:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:proscend:m331_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m331:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:proscend:m330-w_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m330-w:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:proscend:m330-w5_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m330-w5:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:proscend:m301-g_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m301-g:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:proscend:m301-gw_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m301-gw:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:proscend:m560-5g_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m560-5g:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:proscend:m360-p_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m360-p:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:proscend:a551i-f1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a551i-f1:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:proscend:a552i-f1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a552i-f1:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:proscend:a510-f1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a510-f1:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:proscend:a520i-f1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a520i-f1:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:proscend:a551i-f4_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a551i-f4:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:proscend:a543i-l1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a543i-l1:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:proscend:a510-l1_firmware:1.76:*:*:*:*:*:*:*

cpe:2.3:h:proscend:a510-l1:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Proscend Subscribe	A510-f1 Subscribe A510-f1 Firmware Subscribe A510-l1 Subscribe A510-l1 Firmware Subscribe A520i-f1 Subscribe A520i-f1 Firmware Subscribe A543i-l1 Subscribe A543i-l1 Firmware Subscribe A551i-f1 Subscribe A551i-f1 Firmware Subscribe A551i-f4 Subscribe A551i-f4 Firmware Subscribe A552i-f1 Subscribe A552i-f1 Firmware Subscribe Icr Series Routers Fw Subscribe M301-g Subscribe M301-g Firmware Subscribe M301-gw Subscribe M301-gw Firmware Subscribe M330-w Subscribe M330-w5 Subscribe M330-w5 Firmware Subscribe M330-w Firmware Subscribe M331 Subscribe M331 Firmware Subscribe M350-5g Subscribe M350-5g Firmware Subscribe M350-6 Subscribe M350-6 Firmware Subscribe M350-w5g Subscribe M350-w5g Firmware Subscribe M350-w6 Subscribe M350-w6 Firmware Subscribe M357-5g Subscribe M357-5g Firmware Subscribe M357-ai Subscribe M357-ai Firmware Subscribe M360-p Subscribe M360-p Firmware Subscribe M560-5g Subscribe M560-5g Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-44338	Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials

Fixes

Solution

Upgrade to fw version 2.24.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

Mon, 30 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Proscend icr Series Routers Fw
CPEs		cpe:2.3:a:proscend:icr_series_routers_fw::::::::
Vendors & Products		Proscend icr Series Routers Fw
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-09-03T14:19:26.169Z

Updated: 2024-09-30T20:46:08.395Z

Reserved: 2023-07-17T09:45:14.295Z

Link: CVE-2023-3703

Vulnrichment

Updated: 2024-08-02T07:01:57.368Z

NVD

Status : Modified

Published: 2023-09-03T15:15:14.647

Modified: 2024-11-21T08:17:52.740

Link: CVE-2023-3703

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-1392

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object