Lucene search
HistoryMar 13, 2023 - 9:15 p.m.
CVE-2023-0351
akuvox
e11
web server
command injection
phone-book contacts
file upload
executable commands
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
34.7%
The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. This could allow an attacker to upload files with executable command instructions.
Affected configurations
Node
akuvoxe11_firmwareMatch-
akuvoxe11Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| akuvox | e11_firmware | - | cpe:2.3:o:akuvox:e11_firmware:-:*:*:*:*:*:*:* |
| akuvox | e11 | - | cpe:2.3:h:akuvox:e11:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-0351 CVE-2023-0351
2023-03-13 20:22:01
cve
cve
CVE-2023-0351
2023-03-13 21:15:13
prion
prion
Command injection
2023-03-13 21:15:00
ics
ics
Akuvox E11
2023-03-09 12:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
9
Confidence
High
EPSS
0.001
Percentile
34.7%
Related for NVD:CVE-2023-0351