CVE-2023-30764

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-30764
OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78, KB-AHR08D versions prior to 91210.1.101106.78, KB-AHR16D versions prior to 91310.1.101106.78, KB-IRIP04A versions prior to 95110.1.100290.78A, KB-IRIP08A versions prior to 95210.1.100290.78A, and KB-IRIP16A versions prior to 95310.1.100290.78A.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://jvn.jp/en/vu/JVNVU90812349/ Third Party Advisory
https://www.kbdevice.com/news/%e3%83%ac%e3%82%b3%e3%83%bc%e3%83%80%e3%83%bc%e3%81%ae%e3%83%8d%e3%83%83%e3%83%88%e3%83%af%e3%83%bc%e3%82%af%e6%94%bb%e6%92%83%e3%81%ab%e5%af%be%e3%81%99%e3%82%8b%e3%82%a2%e3%83%83%e3%83%97%e3%83%87/ Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:kbdevice:kb-ahr04d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-ahr04d:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:kbdevice:kb-ahr08d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-ahr08d:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:kbdevice:kb-ahr16d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-ahr16d:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:kbdevice:kb-irip04a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip04a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:kbdevice:kb-irip08a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip08a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:kbdevice:kb-irip16a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip16a:-:*:*:*:*:*:*:*
History

26 Jun 2023, 17:34

Type Values Removed Values Added
CPE cpe:2.3:h:kbdevice:kb-ahr16d:-:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-ahr08d:-:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-ahr16d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-ahr04d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-ahr04d:-:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-irip04a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip04a:-:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip16a:-:*:*:*:*:*:*:*
cpe:2.3:h:kbdevice:kb-irip08a:-:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-irip16a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-ahr08d_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:kbdevice:kb-irip08a_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-78
References (MISC) https://jvn.jp/en/vu/JVNVU90812349/ - (MISC) https://jvn.jp/en/vu/JVNVU90812349/ - Third Party Advisory
References (MISC) https://www.kbdevice.com/news/%e3%83%ac%e3%82%b3%e3%83%bc%e3%83%80%e3%83%bc%e3%81%ae%e3%83%8d%e3%83%83%e3%83%88%e3%83%af%e3%83%bc%e3%82%af%e6%94%bb%e6%92%83%e3%81%ab%e5%af%be%e3%81%99%e3%82%8b%e3%82%a2%e3%83%83%e3%83%97%e3%83%87/ - (MISC) https://www.kbdevice.com/news/%e3%83%ac%e3%82%b3%e3%83%bc%e3%83%80%e3%83%bc%e3%81%ae%e3%83%8d%e3%83%83%e3%83%88%e3%83%af%e3%83%bc%e3%82%af%e6%94%bb%e6%92%83%e3%81%ab%e5%af%be%e3%81%99%e3%82%8b%e3%82%a2%e3%83%83%e3%83%97%e3%83%87/ - Mitigation, Vendor Advisory
First Time Kbdevice kb-irip04a
Kbdevice kb-irip08a
Kbdevice kb-irip08a Firmware
Kbdevice kb-ahr16d Firmware
Kbdevice
Kbdevice kb-irip04a Firmware
Kbdevice kb-ahr04d Firmware
Kbdevice kb-ahr08d
Kbdevice kb-ahr16d
Kbdevice kb-ahr04d
Kbdevice kb-irip16a Firmware
Kbdevice kb-ahr08d Firmware
Kbdevice kb-irip16a

13 Jun 2023, 10:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-06-13 10:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-30764

Mitre link : CVE-2023-30764

CVE.ORG link : CVE-2023-30764

JSON object : View

Products Affected

kbdevice

  • kb-irip08a
  • kb-ahr04d_firmware
  • kb-ahr16d_firmware
  • kb-ahr04d
  • kb-irip16a
  • kb-irip16a_firmware
  • kb-ahr16d
  • kb-irip04a_firmware
  • kb-irip08a_firmware
  • kb-ahr08d
  • kb-irip04a
  • kb-ahr08d_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')