Rely Pcie Firmware
CVE-2023-47579
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system.
AnalysisAI
Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfiguration, allowing read access to the central password hash file of the operating system. Affected products include: Relyum Rely-Pcie Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Rely Pcie Firmware
View allAn issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no ch
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. Rat
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. Rate
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. Rate
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpi
RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to
An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection
An issue discovered in Relyum RELY-PCIe 22.2.1 devices. Rated high severity (CVSS 8.8), this vulnerability is remotely e
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 6.1), this v
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 5.9), this v
A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attac
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today