CVE-2023-3770

MEDIUM

ingepac DA3451 Firmware - Unauthenticated Information Disclosure via Discovery Port Protocol

Title source: llm

Description

Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ingeteam-products

Scores

CVSS v3 5.3

EPSS 0.0035

EPSS Percentile 27.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-20 CWE-862

Status published

Products (1)

ingeteam/ingepac_da3451_firmware 0.29.2.42

Published Oct 02, 2023

Tracked Since Feb 18, 2026