CVE-2023-47677 - Vulnerability Details - OpenCVE

A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Level1	Wbr-6013 Wbr-6013 Firmware
Level One	Wbr6013
Realtek	Rtl819x Jungle Software Development Kit Rtl819x Software Development Kit

Configuration 1 [-]

cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*

cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1872

History

Tue, 04 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1872

Tue, 04 Nov 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Level One Level One wbr6013 Realtek rtl819x Software Development Kit
CPEs		cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:::::::* cpe:2.3:a:realtek:rtl819x_software_development_kit:3.4.11:::::::*
Vendors & Products		Level One Level One wbr6013 Realtek rtl819x Software Development Kit
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-07-08T15:25:39.653Z

Updated: 2025-11-04T17:12:55.687Z

Reserved: 2023-11-30T13:38:33.553Z

Link: CVE-2023-47677

Vulnrichment

Updated: 2025-11-04T17:12:55.687Z

NVD

Status : Modified

Published: 2024-07-08T16:15:04.120

Modified: 2025-11-04T18:15:42.710

Link: CVE-2023-47677

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-47677", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-30T13:38:33.553Z", "datePublished": "2024-07-08T15:25:39.653Z", "dateUpdated": "2025-11-04T17:12:55.687Z"}, "containers": {"cna": {"affected": [{"vendor": "LevelOne", "product": "WBR-6013", "versions": [{"version": "RER4_A_v3411b_2T2R_LEV_09_170623", "status": "affected"}]}, {"vendor": "Realtek", "product": "rtl819x Jungle SDK", "versions": [{"version": "v3.4.11", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE", "cweId": "CWE-352"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-08T17:00:17.946Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}], "credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "realtek", "product": "rtl819x_software_development_kit", "cpes": ["cpe:2.3:a:realtek:rtl819x_software_development_kit:3.4.11:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.4.11", "status": "affected"}]}, {"vendor": "level_one", "product": "wbr6013", "cpes": ["cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "rer4_a_v3411b_2t2r_lev_09_170623", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T16:26:47.488279Z", "id": "CVE-2023-47677", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T16:27:11.913Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:12:55.687Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T17:12:55.687Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47677", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-08T16:26:47.488279Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:realtek:rtl819x_software_development_kit:3.4.11:*:*:*:*:*:*:*"], "vendor": "realtek", "product": "rtl819x_software_development_kit", "versions": [{"status": "affected", "version": "3.4.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:level_one:wbr6013:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*"], "vendor": "level_one", "product": "wbr6013", "versions": [{"status": "affected", "version": "rer4_a_v3411b_2t2r_lev_09_170623"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T16:27:03.556Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Francesco Benvenuto of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "LevelOne", "product": "WBR-6013", "versions": [{"status": "affected", "version": "RER4_A_v3411b_2T2R_LEV_09_170623"}]}, {"vendor": "Realtek", "product": "rtl819x Jungle SDK", "versions": [{"status": "affected", "version": "v3.4.11"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-07-08T17:00:17.946Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47677", "state": "PUBLISHED", "dateUpdated": "2025-11-04T17:12:55.687Z", "dateReserved": "2023-11-30T13:38:33.553Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-07-08T15:25:39.653Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*", "matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*", "matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de cross-site request forgery (csrf) en la funcionalidad de protecci\u00f3n boa CSRF de Realtek rtl819x Jungle SDK v3.4.11. Una solicitud de red especialmente manipulada puede generar CSRF. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-47677", "lastModified": "2025-11-04T18:15:42.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-08T16:15:04.120", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1872"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}