Published: 26/01/2023 Updated: 08/02/2023

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Vulnerable Product	Search on Vulmon	Subscribe to Product
baicells rtd_firmware
baicells rts_firmware

Critical Infrastructure Sectors: Communications

CVE-2023-24508 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 366 are vulnerable to remote shell code exploitation via HTTP command injections Commands are executed using pre-login execution and executed with root permissions The following methods below have been tested and validated by a 3rd party analyst and has been confirm

CWE-79 https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMG https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf https://github.com/Live-Hack-CVE/CVE-2023-24508 https://nvd.nist.gov https://www.cisa.gov/uscert/ics/advisories/icsa-23-033-03

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-24508

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

ICS Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect