Lucene search

K
cve[email protected]CVE-2023-24508
HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24508

2023-01-2621:18:19
CWE-79
web.nvd.nist.gov
23
baicells
nova
lte
tdd
enodeb
nova 246
firmware
rts
rtd
3.6.6
remote shell code
exploitation
http command injections
vulnerability
cve-2023-24508

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Affected configurations

NVD
Node
baicellsrtd_firmwareRange<3.7.11.6
OR
baicellsrts_firmwareRange<3.7.11.6
AND
baicellsnova227Match-
OR
baicellsnova233Match-
OR
baicellsnova243Match-
OR
baicellsnova246Match-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "3.6.6"
    ],
    "platforms": [
      "RTS",
      "RTD"
    ],
    "product": "Nova 227",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "3.7.11.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.6",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "3.6.6"
    ],
    "platforms": [
      "RTS",
      "RTD"
    ],
    "product": "Nova 233",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "3.7.11.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.6",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "3.6.6"
    ],
    "platforms": [
      "RTS",
      "RTD"
    ],
    "product": "Nova 246",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "3.7.11.6",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.6",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

Related for CVE-2023-24508