← volver
CVE-2023-46306

CVE-2023-46306

CVSS 8.4 HIGHEPSS 1.0%CWE-78
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.4EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 oct 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
Productos afectados
n/a · n/a