CVE-2023-5777
Published 2023-11-06
Priority P350 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.54% (41.1th percentile)
Weintek EasyBuilder Pro contains a vulnerability in which the private key is exposed to the public even when it is deleted immediately after the crash report transmission finishes, which could result in obtaining remote control of the crash report server.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| weintek | easybuilder_pro | < v6.07.02 | v6.07.02 |
| weintek | easybuilder_pro | < 6.07.02 | 6.07.02 |
| weintek | easybuilder_pro | <= 6.08.01.592 | — |
| weintek | easybuilder_pro | >= 6.08.01.190 < 6.08.01.614 | 6.08.01.614 |
| weintek | easybuilder_pro | >= 6.08.02 < 6.08.02.500 | 6.08.02.500 |
GHSA
GHSA-p4xg-8hf3-jqxq
ghsa_unreviewed·2023-11-06
CVE-2023-5777 [CRITICAL] CWE-798 GHSA-p4xg-8hf3-jqxq
CISA ICS
Weintek EasyBuilder Pro
cisa_ics·2023-11-02·CVSS 9.8
[CRITICAL] Weintek EasyBuilder Pro
ICS Advisory
## Weintek EasyBuilder Pro
Release Date: November 02, 2023
Alert Code: ICSA-23-306-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Weintek
- Equipment: EasyBuilder Pro
- Vulnerability: Use of Hard-coded Credentials
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain remote control of a victim's computer as a privileged user.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following Weintek products are affected:
- EasyBuilder Pro: Versions prior to v6.07.02
- EasyBuilder Pro: Versions 6.08.01.592 and prior
- EasyBuilder Pro: Versions 6.08.02.470 and prior
## 3.2 Vulnerability Overview
3.2.1 USE OF HARD-CODED CREDENTIA