CVE-2023-45593
Description
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “http://localhost”) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A CWE-184 incomplete-input validation flaw in AiLux imx6 embedded Chromium lets a physical attacker read arbitrary files and alter device configuration.
Vulnerability
CVE-2023-45593 is a CWE-184 "Incomplete List of Disallowed Inputs" vulnerability in the embedded Chromium browser used in the AiLux imx6 bundle. The issue arises from improper handling of alternative URLs other than http://localhost, allowing an attacker to bypass input restrictions. This affects all AiLux imx6 bundle versions below imx6_1.0.7-2 [1].
Exploitation
A physical attacker with unauthenticated access to the device can exploit this by supplying alternative URLs to the embedded Chromium browser. The attack requires physical proximity to the device and no authentication, as the browser does not adequately filter disallowed inputs [1].
Impact
Successful exploitation enables the attacker to read arbitrary files on the file system, alter the embedded browser's configuration, and potentially achieve root Remote Code Execution. The CVSS v3.1 score is 6.8 (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high impacts on confidentiality, integrity, and availability [1].
Mitigation
The AiLux imx6 bundle version imx6_1.0.7-2 fixes this vulnerability. Users should update to this version or later. No workarounds or mitigations are detailed for unpatched versions [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
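The CWE-184 pattern described above, shown as an added example that is not the vendor's code: a deny-list URL filter next to an allow-list check that accepts only the `http://localhost` origin. The deny-list contents, function names and sample URLs are constructed assumptions, since the record does not describe the product's actual filter.

```javascript
// Added example: navigation filter for a kiosk browser that should only ever
// display http://localhost. All names and sample URLs here are constructed.

// Hypothetical deny-list filter (the CWE-184 pattern): it blocks only the
// inputs its author thought of, so every unlisted form passes.
const DENIED_PREFIXES = ["https://", "ftp://"]; // constructed, illustrative

function denyListAllows(input) {
  const lowered = input.trim().toLowerCase();
  return !DENIED_PREFIXES.some((prefix) => lowered.startsWith(prefix));
}

// Allow-list filter: parse with the WHATWG URL parser (the model browsers
// use) and accept only the exact expected origin (scheme + host + port).
const ALLOWED_ORIGINS = new Set(["http://localhost"]);

function allowListAllows(input) {
  let url;
  try {
    url = new URL(input.trim());
  } catch {
    return false; // unparseable input is rejected, never passed through
  }
  // Reject embedded credentials such as http://localhost@other-host/
  if (url.username !== "" || url.password !== "") return false;
  // Non-HTTP schemes report the opaque origin "null" and fail this lookup.
  return ALLOWED_ORIGINS.has(url.origin);
}

// Constructed sample inputs for a regression test of the filter.
const SAMPLES = [
  "http://localhost/ui",            // intended page
  "https://example.com/",           // on the deny list
  "file:///etc/hostname",           // not on the deny list
  "chrome://version",               // not on the deny list
  "http://localhost.example.com/",  // lookalike host
  "http://localhost@example.com/",  // "localhost" is only the userinfo part
];

// Inputs the deny list lets through although they are not the allowed origin.
function findGaps(samples) {
  return samples.filter((s) => denyListAllows(s) && !allowListAllows(s));
}

console.log(findGaps(SAMPLES));
```

A check like this belongs in a regression suite for the navigation filter, so that any new input form is rejected by default instead of needing its own deny-list entry.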
Affected products (2)
- Range: < imx6_1.0.7-2
- AiLux/imx6 bundle, v5, Range: 0
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.