CVE-2023-49257 Command execution using the certificate upload utility

2024-01-1214:24:32

CWE-732

CERT-PL

www.cve.org

cve-2023-49257

authenticated user

arbitrary file

cgi-compatible

root user privileges

AI Score

Confidence

High

EPSS

0.001

Percentile

19.3%

JSON

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "H8951-4G-ESP",
    "vendor": "Hongdian",
    "versions": [
      {
        "lessThan": "2310271149",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.pl/en/posts/2024/01/CVE-2023-49253/

cert.pl/posts/2024/01/CVE-2023-49253/