CVE-2023-0862
Published Feb 16, 2023
Last updated a year ago
Overview
- Description
- The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
- Source
- research@onekey.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA6AD24E-E27F-4078-8066-AB0E0D1CAA33",
"versionEndExcluding": "4.3.0.119",
"versionStartIncluding": "4.3.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8000F0E9-A55B-472E-B71E-20097FC15C58",
"versionEndExcluding": "4.4.0.118",
"versionStartIncluding": "4.4.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EFFBFAD7-53CB-4755-A338-2FE945B3689F",
"versionEndExcluding": "4.6.0.105",
"versionStartIncluding": "4.6.0.0"
},
{
"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B543F356-8395-4F7E-A3C8-1A5DB362533C",
"versionEndExcluding": "4.7.0.103",
"versionStartIncluding": "4.7.0.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46"
},
{
"criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7"
},
{
"criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514"
},
{
"criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497"
},
{
"criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E"
},
{
"criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104"
},
{
"criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A"
},
{
"criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E"
},
{
"criteria": "cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0408E588-146F-4AD2-9D58-A12EBA83A697"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]