CVE-2023-0861
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
16/02/2023
Last modified:
07/11/2023
Description
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.<br />
This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br />
<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* | 4.3.0.0 (including) | 4.3.0.119 (excluding) |
| cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* | 4.4.0.0 (including) | 4.4.0.118 (excluding) |
| cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* | 4.6.0.0 (including) | 4.6.0.105 (excluding) |
| cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:* | 4.7.0.0 (including) | 4.7.0.103 (excluding) |
| cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page