elenos 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk input validation があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact unexpected behavior などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-39695 | Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. | [email protected] | 5.3 | 0.06% | 2023-10-31 | 2024-11-21 |
| CVE-2023-37833 | Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. | [email protected] | 2.7 | 0.05% | 2023-10-31 | 2024-11-21 |
| CVE-2023-37832 | A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | [email protected] | 7.5 | 0.24% | 2023-10-31 | 2024-11-21 |
| CVE-2023-37831 | An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | [email protected] | 5.3 | 0.19% | 2023-10-31 | 2024-11-21 |
| CVE-2023-45396 | An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | [email protected] | 6.5 | 0.16% | 2023-10-11 | 2024-11-21 |
| CVE-2023-34673 | Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases. | [email protected] | 6.5 | 0.09% | 2023-06-23 | 2024-11-21 |
| CVE-2023-34672 | Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases. | [email protected] | 8.8 | 0.08% | 2023-06-23 | 2024-12-05 |
| CVE-2023-34671 | Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases. | [email protected] | 8.8 | 0.15% | 2023-06-23 | 2024-11-21 |