← Voltar para CVEs
CVE-2023-45593
MEDIUM6.8
Descricao
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
Detalhes CVE
Pontuacao CVSS v3.16.8
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataquePHYSICAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/5/2024
Ultima modificacao4/10/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
ailux:imx6
Fraquezas (CWE)
CWE-184
Referencias
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593(prodsec@nozominetworks.com)
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.