CVE-2023-27518
Published 2023-05-23
CVE-2023-27518: Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to…
Priority P3 · 55 · high · 8.8 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS
1.52%
71.4th percentile
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec | sv-cpt-mc310_firmware | < 8.10 | 8.10 |
| contec | sv-cpt-mc310f_firmware | < 8.10 | 8.10 |
| contec_co_ltd | solarview_compact | — | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cisa · 9.8 CRITICAL
GHSA
GHSA-j7v5-xh5x-fj9j: Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver
ghsa_unreviewed·2023-05-23
CVE-2023-27518 [HIGH] CWE-120 GHSA-j7v5-xh5x-fj9j: Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
CISA
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
cisa·2022-12-13·CVSS 9.8
CVE-2022-27518 [CRITICAL] CWE-664 Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Vulnerability: Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability
Affected: Citrix Application Delivery Controller (ADC) and Gateway
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
Required Action: Apply updates per vendor instructions.
Notes: https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/; https://nvd.nist.gov/vuln/detail/CVE-2022-27518
Remediation Due Date: 2023-01-03
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://jvn.jp/en/vu/JVNVU92106300/
https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf
https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware
Published: 2023-05-23