Vulnerability Description
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netmodule | Netmodule Router Software | >= 4.3.0.0, < 4.3.0.119 |
| Netmodule | Nb1601 | - |
| Netmodule | Nb1800 | - |
| Netmodule | Nb1810 | - |
| Netmodule | Nb2800 | - |
| Netmodule | Nb2810 | - |
| Netmodule | Nb3701 | - |
| Netmodule | Nb3800 | - |
| Netmodule | Nb800 | - |
| Netmodule | Ng800 | - |
Related Weaknesses (CWE)
References
- https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilitiesThird Party Advisory
- https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.1Release Notes
- https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilitiesThird Party Advisory
- https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.1Release Notes
FAQ
What is CVE-2023-0861?
CVE-2023-0861 is a vulnerability with a CVSS score of 7.2 (HIGH). NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with el...
How severe is CVE-2023-0861?
CVE-2023-0861 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0861?
Check the references section above for vendor advisories and patch information. Affected products include: Netmodule Netmodule Router Software, Netmodule Nb1601, Netmodule Nb1800, Netmodule Nb1810, Netmodule Nb2800.