Lucene search

[email protected]CVE-2023-0776

HistoryFeb 11, 2023 - 1:23 a.m.

CVE-2023-0776

2023-02-1101:23:26

CWE-77

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-0776

baicells

nova 436q

nova 430e

neutrino 430

lte

tdd

firmware vulnerability

remote code execution

http

command injection

security vulnerability

root permission

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Affected configurations

NVD

Node

baicellsneutrino_430_firmwareRange≤qrtb_2.12.7

AND

baicellsneutrino_430Match-

Node

baicellsnova430lMatch-

AND

baicellsnova430l_firmwareRange≤qrtb_2.12.7

Node

baicellsnova430eMatch-

AND

baicellsnova430e_firmwareRange≤qrtb_2.12.7

Node

baicellsnova436qMatch-

AND

baicellsnova436q_firmwareRange≤qrtb_2.12.7

CPENameOperatorVersion
baicells:neutrino_430_firmwarebaicells neutrino 430 firmwareleqrtb_2.12.7

CPE	Name	Operator	Version
baicells:neutrino_430_firmware	baicells neutrino 430 firmware	le	qrtb_2.12.7

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 436Q",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430E",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430I",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x",
      "0"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Neutrino 430",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

References

baicells.com/Service/Firmware

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.7%

JSON

Related for CVE-2023-0776

cvelist1 prion1 ics1 nvd1