QSearchQSearch

CVE-2023-3048

9.8 CRITICAL

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This is...

Published: 2023-06-13 · Last updated: 2024-11-21

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-639

Affected products

VendorProduct
tmtmakinelockcell_firmware

Description

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2023-3050 Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse... (9.8 CRITICAL)
  • CVE-2023-3049 Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: befor... (9.8 CRITICAL)
  • CVE-2023-3047 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.T... (9.8 CRITICAL)

Same CWE

  • CVE-2026-44692 Sharp is a content management framework built for Laravel as a package (7.7 HIGH)
  • CVE-2026-46558 Plane is an open-source project management tool (8.3 HIGH)
  • CVE-2026-53471 A flaw was found in migration-planner (9.6 CRITICAL)
  • CVE-2026-53470 A flaw was found in migration-planner (9.6 CRITICAL)
  • CVE-2026-45563 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers (4.3 MEDIUM)