CVE-2023-0861

CVSS V2 None CVSS V3 None
Description
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
Overview
  • CVE ID
  • CVE-2023-0861
  • Assigner
  • research@onekey.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-16T09:15:10
  • Last Modified Date
  • 2023-02-24T18:11:38
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* 1 OR 4.3.0.0 4.3.0.119
cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* 1 OR 4.4.0.0 4.4.0.118
cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* 1 OR 4.6.0.0 4.6.0.105
cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* 1 OR 4.7.0.0 4.7.0.103
History
Created Old Value New Value Data Type Notes
2023-04-17 07:49:50 Added to TrackCVE
2023-04-17 07:49:51 Weakness Enumeration new