Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2023-31446
HistoryJan 10, 2024 - 12:00 a.m.

CVE-2023-31446

2024-01-1000:00:00
mitre
www.cve.org
2
cassia
gateway
firmware
vulnerability
queueurl
parameter
injection
bash
code
execution
root
privileges
device
startup

AI Score

9.7

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Related

nuclei 1
cve 1
prion 1
nvd 1
nuclei
nuclei
Cassia Gateway Firmware - Remote Code Execution
2024-04-23 08:31:25
cve
cve
CVE-2023-31446
2024-01-10 03:15:43
prion
prion
Code injection
2024-01-10 03:15:00
nvd
nvd
CVE-2023-31446
2024-01-10 03:15:43

AI Score

9.7

Confidence

High

EPSS

0.014

Percentile

86.6%

JSON
Related for CVELIST:CVE-2023-31446
nuclei1cve1prion1nvd1