CVE-2023-25909

Published Mar 27, 2023

Last updated 2 years ago

Overview

Description: HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
Source: twcert@cert.org.tw
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-434
twcert@cert.org.tw: CWE-434

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hgiga:oaklouds_portal:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "781258B7-4D3E-458B-84CF-69E96AB8F7C5",
            "versionEndExcluding": "2.0-10",
            "versionStartIncluding": "2.0"
          },
          {
            "criteria": "cpe:2.3:a:hgiga:oaklouds_portal:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1915384-8254-4B4C-A3A6-81091263747A",
            "versionEndExcluding": "3.0-10",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References