CVE-2023-34723
Published: 25 August 2023
Summary
CVE-2023-34723 is a high-severity Link Following (CWE-59) vulnerability in Jaycar La5570 Firmware. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 10.8% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-34723 is an information disclosure vulnerability in the TechView LA-5570 Wireless Gateway running firmware version 1.0.19_T53. The flaw permits unauthenticated remote access to sensitive data by requesting the path /config/system.conf. It is tracked under CWE-59 with a CVSS 3.1 base score of 7.5, reflecting a network attack vector, low complexity, and high confidentiality impact with no effect on integrity or availability.
An attacker with network access to the device can retrieve the contents of system.conf and thereby obtain credentials or other configuration details that facilitate further attacks such as privilege escalation. Public exploit code demonstrating directory traversal combined with privilege escalation has been published on Packet Storm and ExploitSecurity.io.
The EPSS score has remained low: the current value is 0.0435 against a recorded peak of 0.0511, indicating limited observed exploitation interest since disclosure on 25 August 2023. No vendor advisory or patch information is referenced in the available sources.
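A defender-side check for the request described above, added here as an example and not taken from the CVE record or any vendor tooling: it scans web access logs for requests whose normalised path resolves to /config/system.conf and flags those that were answered with a 200. It assumes a reverse proxy or network sensor in front of the gateway that writes Common Log Format; the sample log lines and the function names are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/config/system.conf"  # path named in the CVE description

# Constructed sample lines (Common Log Format is an assumption, not from the page).
SAMPLE_LOG = """\
198.51.100.7 - - [26/Aug/2023:10:01:02 +0000] "GET /config/system.conf HTTP/1.1" 200 1842
198.51.100.7 - - [26/Aug/2023:10:01:09 +0000] "GET /images/..%2fconfig/system.conf HTTP/1.1" 200 1842
203.0.113.20 - - [26/Aug/2023:10:02:30 +0000] "GET //config/./system.conf?x=1 HTTP/1.1" 404 0
192.0.2.15 - - [26/Aug/2023:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.15 - - [26/Aug/2023:10:04:11 +0000] "GET /config/system.conf.bak HTTP/1.1" 404 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)$'
)

def canonical_path(target: str) -> str:
    """Normalise a request target so encoded, dotted or doubled-slash forms compare equal."""
    path = target.split("?", 1)[0]          # drop the query string before decoding
    for _ in range(3):                      # undo up to three layers of percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    # lstrip avoids normpath's special case that preserves a leading "//"
    return posixpath.normpath("/" + path.lstrip("/"))

def find_config_reads(log_text: str) -> list[dict]:
    """Return one record per request that resolves to SENSITIVE_PATH."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or canonical_path(m["target"]) != SENSITIVE_PATH:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "raw_target": m["target"],
            "disclosed": m["status"] == "200",  # a 200 means the file body was served
        })
    return hits

if __name__ == "__main__":
    for hit in find_config_reads(SAMPLE_LOG):
        print(hit)
```

A hit with `disclosed` set to true means the configuration file was returned, so any credentials stored in it should be treated as exposed and rotated.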
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-38765
Vulnerability details
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 that allows attackers to gain sensitive information via /config/system.conf.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.