Lucene search
PRIOn knowledge basePRION:CVE-2023-49254HistoryJan 12, 2024 - 3:15 p.m.
Design/Logic Flaw
2024-01-1215:15:00
PRIOn knowledge base
www.prio-n.com
3
authenticated user
root user context
payload
destination field
cve-2021-28151
blacklisting characters
javascript
exploited
post requests
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the “destination” field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.
| CPE | Name | Operator | Version |
|---|---|---|---|
| h8951-4g-esp_firmware | lt | 2310271149 |
Related
cve
cve
CVE-2023-49254
2024-01-12 15:15:09
CVE-2021-28151
2021-05-06 16:15:07
cvelist
cvelist
CVE-2023-49254 Command injection in the network test tools
2024-01-12 14:23:41
CVE-2021-28151
2021-05-06 15:11:50
nvd
nvd
CVE-2023-49254
2024-01-12 15:15:09
CVE-2021-28151
2021-05-06 16:15:07
nuclei
nuclei
Hongdian H8922 3.0.5 - Remote Command Injection
2021-07-10 12:16:35
prion
prion
Command injection
2021-05-06 16:15:00
checkpoint_advisories
checkpoint_advisories
Hongdian H8922 Command Injection (CVE-2021-28151; CVE-2021-28149)
2021-05-27 00:00:00