CRITICAL🇬🇧 English

CVE-2023-1097

CVSS 9.3v3.1pub. 2023-03-01upd. 2024-11-21

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Baicells Eg7035 M11

    HW
    Baicells
    wszystkie wersje
  • Baicells Eg7035 M11 Firmware

    OS
    Baicells
    ≤ bce-odu-1.0.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-24022CRITICAL10.0ten sam vendor

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have h...

CVE-2022-24693CRITICAL9.8ten sam vendor

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that ar...

CVE-2023-0776HIGH8.1ten sam vendor

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2...

CVE-2023-24508HIGH8.1ten sam vendor

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3....