CVE-2023-1097 — CRITICAL (9.3)

Q: How severe is CVE-2023-1097?

CVE-2023-1097 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2023-1097?

Check the references section above for vendor advisories and patch information. Affected products include: Baicells Eg7035-M11 Firmware, Baicells Eg7035-M11.

Vulnerability Description

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Baicells	Eg7035-M11 Firmware	<= bce-odu-1.0.8
Baicells	Eg7035-M11	-

Related Weaknesses (CWE)

CWE-94 CWE-77

References

FAQ

What is CVE-2023-1097?

CVE-2023-1097 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and execu...

How severe is CVE-2023-1097?

CVE-2023-1097 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-1097?

Check the references section above for vendor advisories and patch information. Affected products include: Baicells Eg7035-M11 Firmware, Baicells Eg7035-M11.