CVE-2023-41029 - OpenCVE

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juplink	Rx4-1500 Rx4-1500 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:::::::*

cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: XI

Published: 2023-09-22T16:07:12.826Z

Updated: 2024-08-02T18:46:11.505Z

Reserved: 2023-08-22T14:09:29.146Z

Link: CVE-2023-41029

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-22T17:15:10.957

Modified: 2023-09-26T14:27:48.917

Link: CVE-2023-41029

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41029", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "state": "PUBLISHED", "assignerShortName": "XI", "dateReserved": "2023-08-22T14:09:29.146Z", "datePublished": "2023-09-22T16:07:12.826Z", "dateUpdated": "2024-08-02T18:46:11.505Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RX4-1500", "vendor": "Juplink", "versions": [{"lessThanOrEqual": "V1.0.5", "status": "affected", "version": "V1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "datePublic": "2023-09-18T07:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Command injection vulnerability in the <span style=\"background-color: var(--wht);\">homemng.htm endpoint </span><span style=\"background-color: var(--wht);\">in </span><span style=\"background-color: var(--wht);\">Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 </span><span style=\"background-color: var(--wht);\">allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.</span>"}], "value": "Command injection vulnerability in the\u00a0homemng.htm endpoint\u00a0in\u00a0Juplink RX4-1500 Wifi router firmware versions\u00a0V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2023-09-22T16:07:12.826Z"}, "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/"}], "source": {"discovery": "INTERNAL"}, "title": "Juplink RX4-1500 Command Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.505Z"}, "title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DC3F8E0-7228-4A73-B167-62DC28CF4908", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection vulnerability in the\u00a0homemng.htm endpoint\u00a0in\u00a0Juplink RX4-1500 Wifi router firmware versions\u00a0V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de comando en el endpoint homemng.htm en las versiones de firmware del router Wifi Juplink RX4-1500 V1.0.2, V1.0.3, V1.0.4 y V1.0.5 permite a atacantes remotos autenticados ejecutar comandos como root a trav\u00e9s de solicitudes HTTP especialmente manipuladas al endpoint vulnerable."}], "id": "CVE-2023-41029", "lastModified": "2023-09-26T14:27:48.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "disclosures@exodusintel.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "disclosures@exodusintel.com", "type": "Secondary"}]}, "published": "2023-09-22T17:15:10.957", "references": [{"source": "disclosures@exodusintel.com", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/"}], "sourceIdentifier": "disclosures@exodusintel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "disclosures@exodusintel.com", "type": "Secondary"}]}