Lucene search

BitdefenderCVE-2023-6321

HistoryMay 15, 2024 - 1:15 p.m.

CVE-2023-6321

2024-05-1513:15:25

CWE-78

Bitdefender

web.nvd.nist.gov

command injection

ota updates

root access

authenticated requests

vulnerability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.6%

JSON

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cam v2",
    "vendor": "Owlet",
    "versions": [
      {
        "lessThan": "4.2.10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cam v1",
    "vendor": "Owlet",
    "versions": [
      {
        "lessThan": "4.2.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

9.6%

JSON

Related for CVE-2023-6321