Lucene search

[email protected]CVE-2023-29805

HistoryApr 14, 2023 - 2:15 p.m.

CVE-2023-29805

2023-04-1414:15:11

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-29805

wfs-sr03

command injection

vulnerability

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.7%

JSON

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.

Affected configurations

NVD

Node

iodatawfs-sr03w_firmwareMatch1.03

AND

iodatawfs-sr03wMatch-

Node

iodatawfs-sr03k_firmwareMatch1.03

AND

iodatawfs-sr03kMatch-

CPENameOperatorVersion
iodata:wfs-sr03w_firmwareiodata wfs-sr03w firmwareeq1.03

CPE	Name	Operator	Version
iodata:wfs-sr03w_firmware	iodata wfs-sr03w firmware	eq	1.03

References

sore-pail-31b.notion.site/Command-Injection-2-WFS-SR03-436d09790c2f4e31b197c39711e17775

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

55.7%

JSON

Related for CVE-2023-29805

prion1 nvd1 cvelist1