Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 04:02
Type | Values Removed | Values Added |
---|---|---|
Summary | Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery. |
Information
Published : 2023-03-01 20:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-1097
Mitre link : CVE-2023-1097
CVE.ORG link : CVE-2023-1097
JSON object : View
Products Affected
baicells
- eg7035-m11_firmware
- eg7035-m11