Lucene search

MitreCVE-2023-31746

HistoryJun 14, 2023 - 9:15 p.m.

CVE-2023-31746

2023-06-1421:15:09

CWE-77

mitre

web.nvd.nist.gov

cve-2023-31746

command injection

adslr vw2100

router

firmware

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.

Affected configurations

Nvd

Node

vw2100_projectvw2100_firmwareMatchm1dv1.0

AND

vw2100_projectvw2100Match-

VendorProductVersionCPE
vw2100_projectvw2100_firmwarem1dv1.0cpe:2.3:o:vw2100_project:vw2100_firmware:m1dv1.0:*:*:*:*:*:*:*
vw2100_projectvw2100-cpe:2.3:h:vw2100_project:vw2100:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vw2100_project	vw2100_firmware	m1dv1.0	cpe:2.3:o:vw2100_project:vw2100_firmware:m1dv1.0:::::::*
vw2100_project	vw2100	-	cpe:2.3:h:vw2100_project:vw2100:-:::::::*

References

github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf

github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf

github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf

github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

54.5%

JSON

Related for CVE-2023-31746