CVE-2023-41031 - OpenCVE

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Juplink	Rx4-1500 Rx4-1500 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:::::::*

cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: XI

Published: 2023-09-22T16:07:59.041Z

Updated: 2024-08-02T18:46:11.532Z

Reserved: 2023-08-22T14:09:29.146Z

Link: CVE-2023-41031

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-22T17:15:14.027

Modified: 2023-09-26T14:27:31.583

Link: CVE-2023-41031

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41031", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "state": "PUBLISHED", "assignerShortName": "XI", "dateReserved": "2023-08-22T14:09:29.146Z", "datePublished": "2023-09-22T16:07:59.041Z", "dateUpdated": "2024-08-02T18:46:11.532Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RX4-1500", "vendor": "Juplink", "versions": [{"lessThanOrEqual": "V1.0.5", "status": "affected", "version": "V1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "datePublic": "2023-09-18T07:25:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Command injection in <span style=\"background-color: var(--wht);\">homemng.htm</span><span style=\"background-color: var(--wht);\"> in </span><span style=\"background-color: var(--wht);\">Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5</span><span style=\"background-color: var(--wht);\"> allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.</span>"}], "value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2023-09-22T16:07:59.041Z"}, "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}], "source": {"discovery": "INTERNAL"}, "title": "Juplink RX4-1500 homemng.htm Command Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DC3F8E0-7228-4A73-B167-62DC28CF4908", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."}, {"lang": "es", "value": "La inyecci\u00f3n de comandos en homemng.htm en Juplink RX4-1500 versiones V1.0.2, V1.0.3, V1.0.4 y V1.0.5 permite a atacantes remotos autenticados ejecutar comandos a trav\u00e9s de solicitudes especialmente manipuladas al endpoint vulnerable."}], "id": "CVE-2023-41031", "lastModified": "2023-09-26T14:27:31.583", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "disclosures@exodusintel.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "disclosures@exodusintel.com", "type": "Secondary"}]}, "published": "2023-09-22T17:15:14.027", "references": [{"source": "disclosures@exodusintel.com", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}], "sourceIdentifier": "disclosures@exodusintel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "disclosures@exodusintel.com", "type": "Secondary"}]}