← Back to CVEs
CVE-2023-45593
MEDIUM6.8
Description
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE Details
CVSS v3.1 Score6.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorPHYSICAL
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/5/2024
Last Modified4/10/2025
Sourcenvd
Honeypot Sightings0
Affected Products
ailux:imx6
Weaknesses (CWE)
CWE-184
References
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593(prodsec@nozominetworks.com)
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.