CVE-2023-0861 - OpenCVE

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netmodule	Nb1601 Nb1800 Nb1810 Nb2800 Nb2810 Nb3701 Nb3800 Nb800 Netmodule Router Software Ng800

Configuration 1 [-]

AND

OR	cpe:2.3:a:netmodule:netmodule_router_software::::::::
	cpe:2.3:a:netmodule:netmodule_router_software::::::::
	cpe:2.3:a:netmodule:netmodule_router_software::::::::
	cpe:2.3:a:netmodule:netmodule_router_software::::::::

OR	cpe:2.3:h:netmodule:nb1601:-:::::::*
	cpe:2.3:h:netmodule:nb1800:-:::::::*
	cpe:2.3:h:netmodule:nb1810:-:::::::*
	cpe:2.3:h:netmodule:nb2800:-:::::::*
	cpe:2.3:h:netmodule:nb2810:-:::::::*
	cpe:2.3:h:netmodule:nb3701:-:::::::*
	cpe:2.3:h:netmodule:nb3800:-:::::::*
	cpe:2.3:h:netmodule:nb800:-:::::::*
	cpe:2.3:h:netmodule:ng800:-:::::::*

No data.

References

Link	Providers
https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities
https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: ONEKEY

Published: 2023-02-16T08:58:43.370Z

Updated: 2024-08-02T05:24:34.694Z

Reserved: 2023-02-16T08:48:31.394Z

Link: CVE-2023-0861

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-16T09:15:10.237

Modified: 2023-11-07T04:01:43.933

Link: CVE-2023-0861

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0861", "assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846", "state": "PUBLISHED", "assignerShortName": "ONEKEY", "dateReserved": "2023-02-16T08:48:31.394Z", "datePublished": "2023-02-16T08:58:43.370Z", "dateUpdated": "2024-08-02T05:24:34.694Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["web administration interface"], "platforms": ["Linux"], "product": "NSRW", "vendor": "NetModule", "versions": [{"lessThan": "4.3.0.119", "status": "affected", "version": "4.3.0.0", "versionType": "4.3.0.119"}, {"lessThan": "4.4.0.118", "status": "affected", "version": "4.4.0.0", "versionType": "4.4.0.118"}, {"lessThan": "4.6.0.105", "status": "affected", "version": "4.6.0.0", "versionType": "4.6.0.105"}, {"lessThan": "4.7.0.103", "status": "affected", "version": "4.7.0.0", "versionType": "4.7.0.103"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Quentin Kaiser from ONEKEY Research Labs"}], "datePublic": "2023-02-16T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.<br><p>This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.</p>"}], "value": "NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input.\u00a0A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\n\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Proof-of-concept."}], "value": "Proof-of-concept."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2d533b80-6e4a-4e20-93e2-171235122846", "shortName": "ONEKEY", "dateUpdated": "2023-02-21T08:24:45.882Z"}, "references": [{"url": "https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf"}, {"url": "https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities"}], "source": {"discovery": "UNKNOWN"}, "title": "Authenticated Command Injection in NetModule NSRW", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.694Z"}, "title": "CVE Program Container", "references": [{"url": "https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf", "tags": ["x_transferred"]}, {"url": "https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA6AD24E-E27F-4078-8066-AB0E0D1CAA33", "versionEndExcluding": "4.3.0.119", "versionStartIncluding": "4.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "8000F0E9-A55B-472E-B71E-20097FC15C58", "versionEndExcluding": "4.4.0.118", "versionStartIncluding": "4.4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFFBFAD7-53CB-4755-A338-2FE945B3689F", "versionEndExcluding": "4.6.0.105", "versionStartIncluding": "4.6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "B543F356-8395-4F7E-A3C8-1A5DB362533C", "versionEndExcluding": "4.7.0.103", "versionStartIncluding": "4.7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C90BC32-C405-4178-B944-9CF39C212C46", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A80AE348-C415-4B5F-B359-26E2F2A132F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFF579A1-A31C-47F3-912A-43F5B4894497", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*", "matchCriteriaId": "41310FAF-CD23-4126-942D-DA950A96DF3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*", "matchCriteriaId": "962F7AFA-76A3-4F83-AA2C-AB168C644104", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7120564A-4FE0-403E-A976-9658A665E51A", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B550124-772B-4384-BA89-72B68E01F61E", "vulnerable": false}, {"criteria": "cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:*", "matchCriteriaId": "0408E588-146F-4AD2-9D58-A12EBA83A697", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input.\u00a0A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges.\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\n\n"}], "id": "CVE-2023-0861", "lastModified": "2023-11-07T04:01:43.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "research@onekey.com", "type": "Secondary"}]}, "published": "2023-02-16T09:15:10.237", "references": [{"source": "research@onekey.com", "tags": ["Third Party Advisory"], "url": "https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities"}, {"source": "research@onekey.com", "tags": ["Release Notes"], "url": "https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf"}], "sourceIdentifier": "research@onekey.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "research@onekey.com", "type": "Secondary"}]}