Lucene search

K
cve[email protected]CVE-2023-0776
HistoryFeb 11, 2023 - 1:23 a.m.

CVE-2023-0776

2023-02-1101:23:26
CWE-77
CWE-79
web.nvd.nist.gov
17
cve-2023-0776
baicells
nova 436q
nova 430e
neutrino 430
lte
tdd
firmware vulnerability
remote code execution
http
command injection
security vulnerability
root permission

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Affected configurations

NVD
Node
baicellsneutrino_430_firmwareRangeqrtb_2.12.7
AND
baicellsneutrino_430Match-
Node
baicellsnova430lMatch-
AND
baicellsnova430l_firmwareRangeqrtb_2.12.7
Node
baicellsnova430eMatch-
AND
baicellsnova430e_firmwareRangeqrtb_2.12.7
Node
baicellsnova436qMatch-
AND
baicellsnova436q_firmwareRangeqrtb_2.12.7

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 436Q",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430E",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430I",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x",
      "0"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Neutrino 430",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.5%

Related for CVE-2023-0776