CVE-2023-24837

Published Mar 27, 2023

Last updated 2 years ago

Overview

Description: HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.
Source: twcert@cert.org.tw
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

twcert@cert.org.tw: CWE-78

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:hgiga:powerstation:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4335A03A-1D0E-4DC9-A71B-FA627DB38B2F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hgiga:powerstation_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3553132-CE95-4A61-9188-22D479C3E8A5",
            "versionEndExcluding": "x64.6.2.165"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References