CVE-2023-43478
Unauthenticated configuration restore and firmware update
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 17.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
20 Sep 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Telstra · Smart Modem Gen 2 (Arcadyan LH1000)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →