CVE-2023-50382

2024-07-0816:15:07

CWE-78

[email protected]

web.nvd.nist.gov

realtek

command injection

http requests

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

20.6%

JSON

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the peerPin request’s parameter.

Affected configurations

Nvd

Node

realtekrtl819x_jungle_software_development_kitMatch3.4.11

Node

level1wbr-6013_firmwareMatchrer4_a_v3411b_2t2r_lev_09_170623

AND

level1wbr-6013Match-

VendorProductVersionCPE
realtekrtl819x_jungle_software_development_kit3.4.11cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*
level1wbr-6013_firmwarerer4_a_v3411b_2t2r_lev_09_170623cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
level1wbr-6013-cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realtek	rtl819x_jungle_software_development_kit	3.4.11	cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:::::::*
level1	wbr-6013_firmware	rer4_a_v3411b_2t2r_lev_09_170623	cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:::::::*
level1	wbr-6013	-	cpe:2.3:h:level1:wbr-6013:-:::::::*