NVD disclosure day

Published threat advisories for March 15, 2023

CVE-2023-28461

Array Networks SSL VPN Remote Code Execution Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Array Networks SSL VPN gateways allows unauthenticated attackers to execute code by browsing the filesystem. This impacts organizations using affected devices, creating business risk through potential system compromise and data exposure.

NVD published: March 15, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-1389

TP-Link Router Command Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A command injection vulnerability affects TP-Link Archer AX21 routers. An unauthenticated attacker can inject commands to gain root-level control of the device. This poses a business risk of unauthorized access and system compromise.

NVD published: March 15, 2023 • CISA KEV