CVE-2023-1097 - OpenCVE

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Baicells	Eg7035-m11 Eg7035-m11 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756
https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin

History

No history.

MITRE

Status: PUBLISHED

Assigner: Baicells

Published: 2023-03-01T19:29:26.456Z

Updated: 2024-08-02T05:32:46.398Z

Reserved: 2023-02-28T17:35:19.554Z

Link: CVE-2023-1097

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-01T20:15:11.073

Modified: 2023-11-07T04:02:29.747

Link: CVE-2023-1097

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1097", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "state": "PUBLISHED", "assignerShortName": "Baicells", "dateReserved": "2023-02-28T17:35:19.554Z", "datePublished": "2023-03-01T19:29:26.456Z", "dateUpdated": "2024-08-02T05:32:46.398Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["BCE"], "product": "EG7035-M11", "vendor": "Baicells", "versions": [{"changes": [{"at": "BaiCE_BM_2.5.26", "status": "unaffected"}], "lessThanOrEqual": " BCE-ODU-1.0.8", "status": "affected", "version": "0", "versionType": "patch"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. "}], "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. "}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lionel Musonza"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Security Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.<br></span><br><br></p><br>"}], "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-108", "descriptions": [{"lang": "en", "value": "CAPEC-108 Command Line Execution through SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": " CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2023-03-01T19:29:26.456Z"}, "references": [{"tags": ["patch", "release-notes"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"tags": ["patch"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade their product to the BaiCE_BM_2.5.26 firmware.</p><br>"}], "value": "Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade\u00a0their product to the BaiCE_BM_2.5.26\u00a0firmware.\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthenticated Command Injection EG7035-M11 Series", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.398Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "release-notes", "x_transferred"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"tags": ["patch", "x_transferred"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36273B84-D85D-43E1-92E2-B30F5C68E989", "versionEndIncluding": "bce-odu-1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EA6185C-6193-4821-823C-7C6BF54208B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}], "id": "CVE-2023-1097", "lastModified": "2023-11-07T04:02:29.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@baicells.com", "type": "Secondary"}]}, "published": "2023-03-01T20:15:11.073", "references": [{"source": "security@baicells.com", "tags": ["Release Notes"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"source": "security@baicells.com", "tags": ["Product"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}], "sourceIdentifier": "security@baicells.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@baicells.com", "type": "Secondary"}]}