CVE-2023-52235

HIGH

SpaceX Starlink Wi-Fi router GEN 2 <2023.53.0 - SSRF

Title source: llm

Description

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

Exploits (1)

nomisec WORKING POC

by hackintoanetwork · poc

https://github.com/hackintoanetwork/CVE-2023-52235-PoC-SPACEX-STARLINK-DNS-Rebinding

View Code ZIP pw:eip

References (1)

[Various Sources] https://bugcrowd.com/disclosures/f529009b-90eb-4bf9-957d-6fe7ea890fa2/starlink-dishy-is-vulnerable-to-csrf-via-dns-rebinding

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 24.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-350

Status published

Published Apr 05, 2024

Tracked Since Feb 18, 2026