CVE-2023-0861
Published Feb 16, 2023
Last updated a year ago
Overview
- Description
- NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
- Source
- research@onekey.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6AD24E-E27F-4078-8066-AB0E0D1CAA33",
"versionEndExcluding": "4.3.0.119",
"versionStartIncluding": "4.3.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8000F0E9-A55B-472E-B71E-20097FC15C58",
"versionEndExcluding": "4.4.0.118",
"versionStartIncluding": "4.4.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFFBFAD7-53CB-4755-A338-2FE945B3689F",
"versionEndExcluding": "4.6.0.105",
"versionStartIncluding": "4.6.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B543F356-8395-4F7E-A3C8-1A5DB362533C",
"versionEndExcluding": "4.7.0.103",
"versionStartIncluding": "4.7.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46"
},
{
"criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7"
},
{
"criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514"
},
{
"criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497"
},
{
"criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E"
},
{
"criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104"
},
{
"criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A"
},
{
"criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E"
},
{
"criteria": "cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0408E588-146F-4AD2-9D58-A12EBA83A697"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]