CVE-2023-31446 — CRITICAL (9.8)

Vulnerability Description

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cassianetworks	Xc1000 Firmware	2.1.1.2303082218
Cassianetworks	Xc1000	-
Cassianetworks	Xc2000 Firmware	2.1.1.2303090947
Cassianetworks	Xc2000	-

Related Weaknesses (CWE)

CWE-77

References

https://blog.kscsc.online/cves/202331446/md.html
https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-ExecutionExploitThird Party Advisory
https://www.cassianetworks.comProduct
https://blog.kscsc.online/cves/202331446/md.html
https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-ExecutionExploitThird Party Advisory
https://www.cassianetworks.comProduct

FAQ

What is CVE-2023-31446?

CVE-2023-31446 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root ...

How severe is CVE-2023-31446?

CVE-2023-31446 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-31446?

Check the references section above for vendor advisories and patch information. Affected products include: Cassianetworks Xc1000 Firmware, Cassianetworks Xc1000, Cassianetworks Xc2000 Firmware, Cassianetworks Xc2000.