CVE-2023-49340

CVSS 9.8 CRITICALEPSS 0.9%CWE-1390 CWE-287

In short

The Newland Nquire 1000 kiosk has a flaw in its web management portal that allows remote attackers to bypass login requirements and gain unauthorized administrative access without proper credentials.

Technical detail

CWE-287 (improper authentication) and CWE-1390 (weak access control) in the web management interface permit unauthenticated remote attackers to escalate privileges. The vulnerability stems from insufficient validation of user authorization, enabling direct access to administrative functions that should require authentication.

Summary generated and translated by AI from the official description.

An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to escalate privileges and bypass authentication via incorrect access control in the web management portal.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-49340