CVE-2023-6198 - Vulnerability Details - OpenCVE

Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://www.baicells.com

History

No history.

MITRE

Status: PUBLISHED

Assigner: Baicells

Published: 2024-06-25T01:34:56.567Z

Updated: 2024-08-02T08:21:18.118Z

Reserved: 2023-11-18T01:47:40.000Z

Link: CVE-2023-6198

Vulnrichment

Updated: 2024-08-02T08:21:18.118Z

NVD

Status : Deferred

Published: 2024-06-25T02:15:10.347

Modified: 2026-04-15T00:35:42.020

Link: CVE-2023-6198

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6198", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "state": "PUBLISHED", "assignerShortName": "Baicells", "dateReserved": "2023-11-18T01:47:40.000Z", "datePublished": "2024-06-25T01:34:56.567Z", "dateUpdated": "2024-08-02T08:21:18.118Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["User Passwords"], "packageName": "BaiCE_BMI", "platforms": ["EP3011"], "product": "Snap Router", "vendor": "Baicells", "versions": [{"lessThanOrEqual": "BaiCE_BMI_1.3.5.10_NAC", "status": "affected", "version": "1.3.5.6", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "how2fish"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. "}], "value": "Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Unauthorized Access"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2024-06-25T01:34:56.567Z"}, "references": [{"url": "https://www.baicells.com"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade EP3011 to <span style=\"background-color: rgb(248, 248, 248);\">version BaiCE_BMI_1.3.5.10_NAC or newer to resolve issue. </span>"}], "value": "Upgrade EP3011 to\u00a0version BaiCE_BMI_1.3.5.10_NAC or newer to resolve issue."}], "source": {"discovery": "UNKNOWN"}, "title": "Hard Coded Credential", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "baicells", "product": "ep3011_firmware", "cpes": ["cpe:2.3:o:baicells:ep3011_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.3.5.6", "status": "affected", "lessThanOrEqual": "1.3.5.10", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:19:15.332858Z", "id": "CVE-2023-6198", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T18:16:14.064Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:18.118Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.baicells.com", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.baicells.com", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:18.118Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6198", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:19:15.332858Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:baicells:ep3011_firmware:-:*:*:*:*:*:*:*"], "vendor": "baicells", "product": "ep3011_firmware", "versions": [{"status": "affected", "version": "1.3.5.6", "versionType": "custom", "lessThanOrEqual": "1.3.5.10"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T18:14:03.715Z"}}], "cna": {"title": "Hard Coded Credential", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "how2fish"}], "impacts": [{"descriptions": [{"lang": "en", "value": "Unauthorized Access"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Baicells", "modules": ["User Passwords"], "product": "Snap Router", "versions": [{"status": "affected", "version": "1.3.5.6", "versionType": "custom", "lessThanOrEqual": "BaiCE_BMI_1.3.5.10_NAC"}], "platforms": ["EP3011"], "packageName": "BaiCE_BMI", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade EP3011 to\u00a0version BaiCE_BMI_1.3.5.10_NAC or newer to resolve issue.", "supportingMedia": [{"type": "text/html", "value": "Upgrade EP3011 to <span style=\"background-color: rgb(248, 248, 248);\">version BaiCE_BMI_1.3.5.10_NAC or newer to resolve issue. </span>", "base64": false}]}], "references": [{"url": "https://www.baicells.com"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device.", "supportingMedia": [{"type": "text/html", "value": "Use of Hard-coded Credentials vulnerability in Baicells Snap Router BaiCE_BMI on EP3011 (User Passwords modules) allows unauthorized access to the device. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2024-06-25T01:34:56.567Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6198", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:21:18.118Z", "dateReserved": "2023-11-18T01:47:40.000Z", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "datePublished": "2024-06-25T01:34:56.567Z", "assignerShortName": "Baicells"}, "dataVersion": "5.1"}