Vulnerability Description
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netmodule | Netmodule Router Software | >= 4.3.0.0, < 4.3.0.119 |
| Netmodule | Nb1601 | - |
| Netmodule | Nb1800 | - |
| Netmodule | Nb1810 | - |
| Netmodule | Nb2800 | - |
| Netmodule | Nb2810 | - |
| Netmodule | Nb3701 | - |
| Netmodule | Nb3800 | - |
| Netmodule | Nb800 | - |
| Netmodule | Ng800 | - |
Related Weaknesses (CWE)
References
- https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/Third Party Advisory
- https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.1Release NotesVendor Advisory
- https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/Third Party Advisory
- https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.1Release NotesVendor Advisory
FAQ
What is CVE-2023-0862?
CVE-2023-0862 is a vulnerability with a CVSS score of 7.2 (HIGH). The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authe...
How severe is CVE-2023-0862?
CVE-2023-0862 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0862?
Check the references section above for vendor advisories and patch information. Affected products include: Netmodule Netmodule Router Software, Netmodule Nb1601, Netmodule Nb1800, Netmodule Nb1810, Netmodule Nb2800.