CVE-2023-39171: SENEC Storage Box V1,V2 and V3 accidentially expose a management interface
First published: Thu Dec 07 2023(Updated: )
SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.
Credit: info@cert.vde.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Enbw Senec Storage Box Firmware | <=2023-06-19 | |
| Enbw Senec Storage Box | =v1 | |
| All of | ||
| Enbw Senec Storage Box Firmware | <=2023-06-19 | |
| Enbw Senec Storage Box | =v2 | |
| All of | ||
| Enbw Senec Storage Box Firmware | <=2023-06-19 | |
| Enbw Senec Storage Box | =v3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-39171?
CVE-2023-39171 has a high severity due to the exposure of a management UI with publicly known admin credentials.
How do I fix CVE-2023-39171?
To fix CVE-2023-39171, change the default admin credentials and restrict access to the management UI.
What products are affected by CVE-2023-39171?
CVE-2023-39171 affects the SENEC Storage Box versions V1, V2, and V3 with firmware up to 2023-06-19.
What are the risks associated with CVE-2023-39171?
The risks include unauthorized access to system settings and potential control over the SENEC Storage Box.
Is there a patch available for CVE-2023-39171?
While no specific patch is mentioned, users should focus on securing the UI by changing admin credentials.
- collector/mitre-cve
- collector/nvd-api
- vendor/enbw
- canonical/enbw senec storage box firmware
- version/enbw senec storage box firmware/2023-06-19
- canonical/enbw senec storage box
- version/enbw senec storage box/v1
- version/enbw senec storage box/v2
- version/enbw senec storage box/v3