Lucene search

TalosCVELIST:CVE-2023-50381

HistoryJul 08, 2024 - 3:22 p.m.

CVE-2023-50381

2024-07-0815:22:23

CWE-78

talos

www.cve.org

realtek

command injection

http requests

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.3%

JSON

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the targetAPSsid request’s parameter.

CNA Affected

[
  {
    "vendor": "LevelOne",
    "product": "WBR-6013",
    "versions": [
      {
        "version": "RER4_A_v3411b_2T2R_LEV_09_170623",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Realtek",
    "product": "rtl819x Jungle SDK",
    "versions": [
      {
        "version": "v3.4.11",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1899

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

28.3%

JSON

Related for CVELIST:CVE-2023-50381