CVE-2023-1097

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756	Release Notes
https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin	Product
https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756	Release Notes
https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-03-01 20:15

Updated : 2024-11-21 07:38

NVD link : CVE-2023-1097

Mitre link : CVE-2023-1097

CVE.ORG link : CVE-2023-1097

JSON object : View

Products Affected

baicells

eg7035-m11
eg7035-m11_firmware

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-1097", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@baicells.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-03-01T20:15:11.073", "references": [{"url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756", "tags": ["Release Notes"], "source": "security@baicells.com"}, {"url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin", "tags": ["Product"], "source": "security@baicells.com"}, {"url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@baicells.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}], "lastModified": "2024-11-21T07:38:27.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36273B84-D85D-43E1-92E2-B30F5C68E989", "versionEndIncluding": "bce-odu-1.0.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3EA6185C-6193-4821-823C-7C6BF54208B9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@baicells.com"}