{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T06:16:13.384","vulnerabilities":[{"cve":{"id":"CVE-2023-49255","sourceIdentifier":"cvd@cert.pl","published":"2024-01-12T15:15:09.083","lastModified":"2025-06-03T14:15:31.060","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The router console is accessible without authentication at \"data\" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password."},{"lang":"es","value":"Se puede acceder a la consola del enrutador sin autenticación en el campo \"data\" y, si bien es necesario que un usuario inicie sesión para modificar la configuración, el estado de la sesión se comparte. Si algún otro usuario ha iniciado sesión actualmente, el usuario anónimo puede ejecutar comandos en el contexto del autenticado. Si el usuario que inició sesión tiene privilegios administrativos, es posible utilizar los comandos de configuración del servicio webadmin para crear un nuevo usuario administrador con una contraseña elegida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"2310271149","matchCriteriaId":"4391599E-AC50-4409-B8DE-D86CD4EACA35"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*","matchCriteriaId":"3B44C0C6-3995-43DB-9B49-78110E5E7A43"}]}]}],"references":[{"url":"https://cert.pl/en/posts/2024/01/CVE-2023-49253/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/01/CVE-2023-49253/","source":"cvd@cert.pl","tags":["Third Party Advisory"]},{"url":"https://cert.pl/en/posts/2024/01/CVE-2023-49253/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert.pl/posts/2024/01/CVE-2023-49253/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}