CVE-2023-43478

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.tenable.com/security/research/tra-2023-19	Exploit Third Party Advisory
https://www.tenable.com/security/research/tra-2023-19	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:24

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.8
References	~~() https://www.tenable.com/security/research/tra-2023-19 - Exploit, Third Party Advisory~~	() https://www.tenable.com/security/research/tra-2023-19 - Exploit, Third Party Advisory

22 Sep 2023, 18:36

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Telstra Telstra arcadyan Lh1000 Firmware Telstra arcadyan Lh1000
CPE		cpe:2.3:h:telstra:arcadyan_lh1000:-:::::::* cpe:2.3:o:telstra:arcadyan_lh1000_firmware::::::::
CWE		CWE-434
References	~~(MISC) https://www.tenable.com/security/research/tra-2023-19 -~~	(MISC) https://www.tenable.com/security/research/tra-2023-19 - Exploit, Third Party Advisory

20 Sep 2023, 14:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-20 14:15

Updated : 2024-11-21 08:24

NVD link : CVE-2023-43478

Mitre link : CVE-2023-43478

CVE.ORG link : CVE-2023-43478

JSON object : View

Products Affected

telstra

arcadyan_lh1000_firmware
arcadyan_lh1000

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2023-43478", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "vulnreport@tenable.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-20T14:15:15.127", "references": [{"url": "https://www.tenable.com/security/research/tra-2023-19", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2023-19", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root.\u00a0"}, {"lang": "es", "value": "fake_upload.cgi en Telstra Smart Modem Gen 2 (Arcadyan LH1000), versiones de firmware < 0.18.15r, permite a atacantes no autenticados cargar im\u00e1genes de firmware y copias de seguridad de configuraci\u00f3n, lo que podr\u00eda permitirles alterar el firmware o la configuraci\u00f3n en el dispositivo, lo que en \u00faltima instancia lleva a para ejecutar el c\u00f3digo como root."}], "lastModified": "2024-11-21T08:24:07.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:telstra:arcadyan_lh1000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35A4EC70-8D90-4C41-AD63-0C531644C396", "versionEndExcluding": "0.18.15r"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:telstra:arcadyan_lh1000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "18BB9AA9-95B5-4EF5-B398-7B2E80991966"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}