CVE-2023-46306
CVE-2023-46306
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.4EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
22 out 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.
CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N
Produtos afetados
n/a · n/a