CVE-2023-5984

MEDIUM Year: 2023
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-494
View all →

Vulnerability Description

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could result in full control over the device.

Related Vulnerabilities

CVE-2023-5630

MEDIUM
CVSS:4.9(Medium)

A CWE-494: Download of Code Without Integrity Check vulnerability exists that could allow a privileged user to install an untrusted firmware.

CWE-4942023

CVE-2022-46428

MEDIUM
CVSS:4.8(Medium)

TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update...

CWE-4942022

CVE-2022-46430

MEDIUM
CVSS:4.8(Medium)

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware u...

CWE-4942022

CVE-2010-3440

MEDIUM
CVSS:5.5(Medium)

babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

CWE-4942010

CVE-2020-25266

MEDIUM
CVSS:5.5(Medium)

AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it.

CWE-4942020

CVE-2021-30658

MEDIUM
CVSS:5.5(Medium)

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Big Sur 11.3. A malicious application may bypass Gatekeeper checks.

CWE-4942021