5 matches found
CVE-2023-33294
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...
CVE-2023-33294
creationtimestamp| type| source ---|---|--- 2023-05-22 20:25:32+00:00| seen| https://t.me/cibsecurity/64546...
CVE-2023-33294
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...
CVE-2023-33294
An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwebserver binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns...
CVE-2023-33294
KaiOS 3.0 before 3.1 is affected by CVE-2023-33294 due to the /system/bin/tctweb_server local web server listening on port 2929 that accepts arbitrary Bash commands and runs them as root. The server is not permission/context restricted and returns CORS headers, making it reachable from any websit...