CVE-2023-31634
CVE-2023-31634 is a critical-severity vulnerability with a CVSS v3.1 base score of 9.8 out of 10. In TeslaMate before 1.27.2, port 4000 is reachable without authentication, allowing remote viewing and operation of user data. After reaching the TeslaMate instance's IP address, an attacker can switch to port 3000 to enter the bundled Grafana for remote operations. EPSS estimates a 0.86% probability of exploitation in the next 30 days.
Description
In TeslaMate before 1.27.2, there is unauthorized access to port 4000 for remote viewing and operation of user data. After accessing the IP address for the TeslaMate instance, an attacker can switch the port to 3000 to enter Grafana for remote operations. At that time, the default username and password can be used to enter the Grafana management console without logging in, a related issue to CVE-2022-23126.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Teslamate | Teslamate | < 1.27.2 |
References
- https://github.com/XC9409/CVE-2023-31634/blob/main/PoC (Third Party Advisory)
Source: NVD / NIST
