HIGH🇬🇧 English

CVE-2023-24508

CVSS 8.1v3.1pub. 2023-01-26upd. 2024-11-21

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. 

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
  • Baicells Nova227

    HW
    Baicells
    wszystkie wersje
  • Baicells Nova233

    HW
    Baicells
    wszystkie wersje
  • Baicells Nova243

    HW
    Baicells
    wszystkie wersje
  • Baicells Nova246

    HW
    Baicells
    wszystkie wersje
  • Baicells Rtd Firmware

    OS
    Baicells
    < 3.7.11.6
  • Baicells Rts Firmware

    OS
    Baicells
    < 3.7.11.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2023-24022CRITICAL10.0ten sam produkt

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have h...

CVE-2023-1097CRITICAL9.3ten sam vendor

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation ...

CVE-2022-24693CRITICAL9.8ten sam vendor

Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that ar...

CVE-2023-0776HIGH8.1ten sam vendor

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2...