ГлавнаяУязвимости → CVE-2023-31446
9.8критическая

CVE-2023-31446

→ есть в БДУ: BDU:2024-00268 (на русском)
Описание (на английском; русское — в БДУ выше)

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Затрагиваемое ПО
Cassianetworks Xc1000 firmwareCassianetworks Xc1000Cassianetworks Xc2000 firmwareCassianetworks Xc2000
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://blog.kscsc.online/cves/202331446/md.htmlhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Executionhttps://www.cassianetworks.comhttps://blog.kscsc.online/cves/202331446/md.htmlhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Executionhttps://www.cassianetworks.com