Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistBaicellsCVELIST:CVE-2023-0776
HistoryFeb 10, 2023 - 9:50 p.m.

CVE-2023-0776 Remote Code Execution in Baicells QRTB Platform

2023-02-1021:50:42
CWE-79
Baicells
www.cve.org
1
baicells
nova 436q
nova 430e
neutrino 430
remote code execution
http command injections
firmware vulnerability

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 436Q",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430E",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Nova 430I",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "2.12.x",
      "0"
    ],
    "platforms": [
      "QRTB"
    ],
    "product": "Neutrino 430",
    "vendor": "Baicells",
    "versions": [
      {
        "changes": [
          {
            "at": "2.12.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.12.7",
        "status": "affected",
        "version": "0",
        "versionType": "patch"
      }
    ]
  }
]

Related

prion 1
ics 1
cve 1
nvd 1
prion
prion
Command injection
2023-02-11 01:23:00
ics
ics
Baicells Nova
2023-03-02 12:00:00
cve
cve
CVE-2023-0776
2023-02-11 01:23:26
nvd
nvd
CVE-2023-0776
2023-02-11 01:23:26

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

AI Score

9.9

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON
Related for CVELIST:CVE-2023-0776
prion1ics1cve1nvd1