Lucene search

TR-CERTCVE-2023-3049

HistoryJun 13, 2023 - 12:15 p.m.

CVE-2023-3049

2023-06-1312:15:09

CWE-434

TR-CERT

web.nvd.nist.gov

cve-2023-3049

unrestricted file upload

tmt lockcell

command injection

security vulnerability

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.4%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

Affected configurations

Nvd

Node

tmtmakinelockcell_firmwareRange<15.0

AND

tmtmakinelockcellMatch-

VendorProductVersionCPE
tmtmakinelockcell_firmware*cpe:2.3:o:tmtmakine:lockcell_firmware:*:*:*:*:*:*:*:*
tmtmakinelockcell-cpe:2.3:h:tmtmakine:lockcell:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tmtmakine	lockcell_firmware	*	cpe:2.3:o:tmtmakine:lockcell_firmware::::::::
tmtmakine	lockcell	-	cpe:2.3:h:tmtmakine:lockcell:-:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Lockcell",
    "vendor": "TMT",
    "versions": [
      {
        "lessThan": "15",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/

www.usom.gov.tr/bildirim/tr-23-0345

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.4%

JSON

Related for CVE-2023-3049