How severe is CVE-2023-6248?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-6248?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2023-6248

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

Weakness Type

CWE-94

View all →

Vulnerability Description

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the cloud service. The MQTT server also leaks the location, video and diagnostic data from each connected device. An attacker who knows the IP address of the server is able to connect and perform the following operations: * Get location data of the vehicle the device is connected to * Send CAN bus messages via the ECU module ( https://syrus.digitalcomtech.com/docs/ecu-1 https://syrus.digitalcomtech.com/docs/ecu-1 ) * Immobilize the vehicle via the safe-immobilizer module ( https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization https://syrus.digitalcomtech.com/docs/system-tools#safe-immobilization ) * Get live video through the connected video camera * Send audio messages to the driver ( https://syrus.digitalcomtech.com/docs/system-tools#apx-tts https://syrus.digitalcomtech.com/docs/system-tools#apx-tts )

CVE-2006-3136

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nu...

CWE-942006

CVE-2006-5021

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parame...

CWE-942006

CVE-2006-5610

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code...

CWE-942006

CVE-2006-6975

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disp...

CWE-942006

CVE-2006-7105

CRITICAL

CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclo...

CWE-942006

CVE-2007-4290

CRITICAL

CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, ...

CWE-942007

CVE-2023-6248

Vulnerability Description

Related Vulnerabilities

CVE-2006-3136

CVE-2006-5021

CVE-2006-5610

CVE-2006-6975

CVE-2006-7105

CVE-2007-4290