CVE-2023-0830

EasyNAS backup.pl system os command injection

CVSS 5.3 MEDIUMEPSS 20.9%CWE-77 CWE-78

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected products

n/a · EasyNAS

public PoCs found — 3

cve_referencegithub.com/xbz0n/CVE-2023-0830★ 1 cve_referencegist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690unverified cve_referencewww.exploit-db.com/exploits/51266unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690 https://github.com/xbz0n/CVE-2023-0830 https://vuldb.com/?ctiid.220950 https://vuldb.com/?id.220950 https://vuldb.com/?submit.86683 https://www.exploit-db.com/exploits/51266