CVE-2023-41031 - Vulnerability Details - OpenCVE

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00259.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Juplink	Rx4-1500 Rx4-1500 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:::::::*
	cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:::::::*

cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/

History

Tue, 24 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: XI

Published: 2023-09-22T16:07:59.041Z

Updated: 2024-09-24T18:03:52.388Z

Reserved: 2023-08-22T14:09:29.146Z

Link: CVE-2023-41031

Vulnrichment

Updated: 2024-08-02T18:46:11.532Z

NVD

Status : Modified

Published: 2023-09-22T17:15:14.027

Modified: 2024-11-21T08:20:25.160

Link: CVE-2023-41031

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41031", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "state": "PUBLISHED", "assignerShortName": "XI", "dateReserved": "2023-08-22T14:09:29.146Z", "datePublished": "2023-09-22T16:07:59.041Z", "dateUpdated": "2024-09-24T18:03:52.388Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RX4-1500", "vendor": "Juplink", "versions": [{"lessThanOrEqual": "V1.0.5", "status": "affected", "version": "V1.0.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "datePublic": "2023-09-18T07:25:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Command injection in <span style=\"background-color: var(--wht);\">homemng.htm</span><span style=\"background-color: var(--wht);\"> in </span><span style=\"background-color: var(--wht);\">Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5</span><span style=\"background-color: var(--wht);\"> allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.</span>"}], "value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2023-09-22T16:07:59.041Z"}, "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}], "source": {"discovery": "INTERNAL"}, "title": "Juplink RX4-1500 homemng.htm Command Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.532Z"}, "title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "juplink", "product": "rx4-1500", "cpes": ["cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.0.2", "status": "affected", "lessThanOrEqual": "v1.0.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T18:02:12.959985Z", "id": "CVE-2023-41031", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:03:52.388Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.532Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41031", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-24T18:02:12.959985Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*"], "vendor": "juplink", "product": "rx4-1500", "versions": [{"status": "affected", "version": "v1.0.2", "versionType": "custom", "lessThanOrEqual": "v1.0.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T18:03:43.428Z"}}], "cna": {"title": "Juplink RX4-1500 homemng.htm Command Injection Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV2_0": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juplink", "product": "RX4-1500", "versions": [{"status": "affected", "version": "V1.0.2", "versionType": "custom", "lessThanOrEqual": "V1.0.5"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-18T07:25:00.000Z", "references": [{"url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.", "supportingMedia": [{"type": "text/html", "value": "Command injection in <span style=\"background-color: var(--wht);\">homemng.htm</span><span style=\"background-color: var(--wht);\"> in </span><span style=\"background-color: var(--wht);\">Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5</span><span style=\"background-color: var(--wht);\"> allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2023-09-22T16:07:59.041Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41031", "state": "PUBLISHED", "dateUpdated": "2024-09-24T18:03:52.388Z", "dateReserved": "2023-08-22T14:09:29.146Z", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "datePublished": "2023-09-22T16:07:59.041Z", "assignerShortName": "XI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9DC3F8E0-7228-4A73-B167-62DC28CF4908", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8269D90-271D-479A-AD3B-B376E060C344", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "11A8DB21-45F3-492D-BC75-69458F5E5BB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:juplink:rx4-1500_firmware:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "8E128A98-3A65-4D6D-9FBA-5ED897B77073", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:juplink:rx4-1500:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D46885D-045C-476A-AADE-7045A5F9046A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Command injection in\u00a0homemng.htm\u00a0in\u00a0Juplink RX4-1500 versions V1.0.2,\u00a0V1.0.3,\u00a0V1.0.4, and\u00a0V1.0.5\u00a0allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint."}, {"lang": "es", "value": "La inyecci\u00f3n de comandos en homemng.htm en Juplink RX4-1500 versiones V1.0.2, V1.0.3, V1.0.4 y V1.0.5 permite a atacantes remotos autenticados ejecutar comandos a trav\u00e9s de solicitudes especialmente manipuladas al endpoint vulnerable."}], "id": "CVE-2023-41031", "lastModified": "2024-11-21T08:20:25.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "disclosures@exodusintel.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "disclosures@exodusintel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-22T17:15:14.027", "references": [{"source": "disclosures@exodusintel.com", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-homemng-command-injection-vulnerability/"}], "sourceIdentifier": "disclosures@exodusintel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "disclosures@exodusintel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}