Login Sign Up

CVE-2023-5499

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to access sensitive information from Shenzhen Reachfar v28 devices by retrieving log files from the 'log2' directory. Affected users include anyone using the vulnerable version of this device, potentially exposing personal data like WiFi networks, messages, and device locations.

💻 Affected Systems

Products:
  • Shenzhen Reachfar v28
Versions: v28 (specific build/version details not specified in references)
Operating Systems: Embedded/Proprietary OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable version appear to be affected based on the advisory.

📦 What is this software?

Reachfar Gps Firmware by Reachfargps

View all CVEs affecting Reachfar Gps Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of personal privacy including location tracking history, all sent messages, device configurations, and network credentials leading to identity theft or physical security risks.

🟠

Likely Case

Exposure of sensitive personal information including location history, messages, and WiFi network details that could be used for social engineering or unauthorized access.

🟢

If Mitigated

Limited exposure if logs are regularly purged or if the device is behind strong network segmentation, though the vulnerability remains exploitable.

🌐 Internet-Facing: HIGH - The vulnerability allows remote exploitation without authentication, making internet-exposed devices particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or malware could still exploit this, but requires network access to the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be a simple directory traversal or improper access control issue requiring minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

No official patch instructions available. Contact vendor for updated firmware.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate the device from untrusted networks and internet exposure

Access Control Lists

all

Implement strict firewall rules to limit access to the device

🧯 If You Can't Patch

  • Disconnect device from networks when not in use
  • Regularly monitor for unauthorized access attempts and review device logs

🔍 How to Verify

Check if Vulnerable:

Attempt to access the log2 directory via HTTP/HTTPS requests to the device IP

Check Version:

Check device firmware version through device interface or vendor documentation

Verify Fix Applied:

Test if log2 directory access returns proper access denied or 404 errors

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to log directories
  • Multiple failed then successful access attempts to log2 path

Network Indicators:

  • HTTP requests to /log2/ or similar paths from unexpected sources
  • Traffic spikes to device log endpoints

SIEM Query:

source_ip=* AND (url_path CONTAINS 'log2' OR url_path CONTAINS 'logs') AND device_type='Shenzhen Reachfar'

📊 Metadata

CVE ID: CVE-2023-5499
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-532
Published: October 10, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-5499, you might also want to check these:

CVE-2021-32724 9.9

CVE-2021-32724 is a critical vulnerability in the check-spelling GitHub Action that allows attackers...

Same vulnerability type (CWE-532)
CVE-2022-36407 9.9

This vulnerability allows local users to gain sensitive information through insertion of sensitive d...

Same vulnerability type (CWE-532)
CVE-2025-6391 9.8

Brocade ASCG versions before 3.3.0 log JSON Web Tokens (JWT) in plain text within log files. Attacke...

Same vulnerability type (CWE-532)