CVE-2023-28809
Description
Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. To exploit the vulnerability, attackers have to request the session ID at the same time as a valid user logs in, and gain device operation permissions by forging the IP and session ID of an authenticated user.
General Information
Vendors
Products
- ds-k1t320efwx firmware
- ds-k1t320efx firmware
- ds-k1t320ewx firmware
- ds-k1t320ex firmware
- ds-k1t320mfwx firmware
- ds-k1t320mfx firmware
- ds-k1t320mwx firmware
- ds-k1t320mx firmware
- ds-k1t341am firmware
- ds-k1t341amf firmware
- ds-k1t341cm firmware
- ds-k1t343ewx firmware
- ds-k1t343ex firmware
- ds-k1t343mwx firmware
- ds-k1t343mx firmware
- ds-k1t671 firmware
- ds-k1t671m firmware
- ds-k1t671mf firmware
- ds-k1t671t firmware
- ds-k1t671tm firmware
- ds-k1t671tm-3xf firmware
- ds-k1t671tmf firmware
- ds-k1t671tmfw firmware
- ds-k1t671tmw firmware
- ds-k1t804af firmware
- ds-k1t804amf firmware