CVE-2023-31446

Published: 10/01/2024 Updated: 29/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Vulnerable Product

cassianetworks xc1000_firmware 2.1.1.2303082218

cassianetworks xc2000_firmware 2.1.1.2303090947

Github Repositories

CVE-2023-31446-Remote-Code-Execution

Repository contains description for CVE-2023-31446 discovered by Dodge Industrial Team for Dodge OPTIFY platform.

CVE ID: CVE-2023-31446

Vendor: Cassia Networks

Product: Cassia Gateway Firmware

Version: <211230309*

Vulnerability: Remote Code Execution/Remote Code Injection

Affected: gateways

Description: queueUrl parameter in /byp