connectize 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting and vendor risk csrf に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-24052 | An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password. | [email protected] | 9.8 | 0.09% | 2023-12-04 | 2024-11-21 |
| CVE-2023-24051 | A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks. | [email protected] | 9.8 | 0.12% | 2023-12-04 | 2024-11-21 |
| CVE-2023-24050 | Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel. | [email protected] | 5.4 | 0.12% | 2023-12-04 | 2024-11-21 |
| CVE-2023-24049 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management. | [email protected] | 9.8 | 0.12% | 2023-12-04 | 2025-05-29 |
| CVE-2023-24048 | Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm. | [email protected] | 8.8 | 0.06% | 2023-12-04 | 2024-11-21 |
| CVE-2023-24047 | An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. | [email protected] | 6.8 | 0.03% | 2023-12-04 | 2024-11-21 |
| CVE-2023-24046 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. | [email protected] | 6.8 | 0.05% | 2023-12-04 | 2024-11-21 |