CVE-2023-0830

EasyNAS backup.pl system os command injection

CVSS 5.3 MEDIUMEPSS 20.9%CWE-77 CWE-78

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Productos afectados

n/a · EasyNAS

PoCs públicas encontradas — 3

cve_referencegithub.com/xbz0n/CVE-2023-0830★ 1 cve_referencegist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690no verificado cve_referencewww.exploit-db.com/exploits/51266no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690 https://github.com/xbz0n/CVE-2023-0830 https://vuldb.com/?ctiid.220950 https://vuldb.com/?id.220950 https://vuldb.com/?submit.86683 https://www.exploit-db.com/exploits/51266