Lucene search

TalosCVELIST:CVE-2023-50382

HistoryJul 08, 2024 - 3:22 p.m.

CVE-2023-50382

2024-07-0815:22:23

CWE-78

talos

www.cve.org

command injection

realtek rtl819x jungle sdk

http requests

peerpin

arbitrary command execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.6%

JSON

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the peerPin request’s parameter.

CNA Affected

[
  {
    "vendor": "LevelOne",
    "product": "WBR-6013",
    "versions": [
      {
        "version": "RER4_A_v3411b_2T2R_LEV_09_170623",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Realtek",
    "product": "rtl819x Jungle SDK",
    "versions": [
      {
        "version": "v3.4.11",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1899

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.6%

JSON

Related for CVELIST:CVE-2023-50382