CVE-2023-3263
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-3263
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选名称进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Dataprobe 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Dataprobe是美国Dataprobe公司的一系列智能电源开关和管理产品。 Dataprobe iBoot PDU 1.43.03312023 及之前版本存在安全漏洞,该漏洞源于容易受到 REST API 中身份验证绕过的攻击,攻击者利用该漏洞可以获取有效的授权令牌并读取与该身份验证相关的信息,继电器和配电的状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-3263
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-3263
请登录查看更多情报信息。
Same Patch Batch · Dataprobe · 2023-08-14 · 6 CVEs total
| CVE-2023-3259 | 9.8 CRITICAL | Dataprobe 代码问题漏洞 |
| CVE-2023-3261 | 7.5 HIGH | Dataprobe 操作系统命令注入漏洞 |
| CVE-2023-3260 | 7.2 HIGH | Dataprobe 操作系统命令注入漏洞 |
| CVE-2023-3262 | 6.7 MEDIUM | Dataprobe 信任管理问题漏洞 |
| CVE-2023-3264 | 6.7 MEDIUM | Dataprobe 信任管理问题漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-289
- CVE-2026-3184
Util-linux: util-linux: access control bypass due to imprope - CVE-2026-32036
OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot- - CVE-2026-23903
Apache Shiro: Auth bypass when accessing static files only o - CVE-2026-24058
Soft Serve has Critical Authentication Bypass - CVE-2025-14777
Keycloak: keycloak idor in realm client creating/deleting
V. Comments for CVE-2023-3263
No comments yet