Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 Dec 2023, 16:05
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html - Third Party Advisory | |
CPE | cpe:2.3:o:multisuns:easylog_web\+_firmware:1.13.2.8:*:*:*:*:*:*:* cpe:2.3:h:multisuns:easylog_web\+:-:*:*:*:*:*:*:* |
|
First Time |
Multisuns easylog Web\+
Multisuns Multisuns easylog Web\+ Firmware |
|
CWE | CWE-94 |
15 Dec 2023, 13:42
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-15 09:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-48390
Mitre link : CVE-2023-48390
CVE.ORG link : CVE-2023-48390
JSON object : View
Products Affected
multisuns
- easylog_web\+_firmware
- easylog_web\+
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')