CVE-2023-48390

Multisuns EasyLog web+ has a code injection vulnerability. An unauthenticated remote attacker can exploit this vulnerability to inject code and access the system to perform arbitrary system operations or disrupt service.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:multisuns:easylog_web\+_firmware:1.13.2.8:*:*:*:*:*:*:*
cpe:2.3:h:multisuns:easylog_web\+:-:*:*:*:*:*:*:*

History

22 Dec 2023, 16:05

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html - () https://www.twcert.org.tw/tw/cp-132-7605-2d86d-1.html - Third Party Advisory
CPE cpe:2.3:o:multisuns:easylog_web\+_firmware:1.13.2.8:*:*:*:*:*:*:*
cpe:2.3:h:multisuns:easylog_web\+:-:*:*:*:*:*:*:*
First Time Multisuns easylog Web\+
Multisuns
Multisuns easylog Web\+ Firmware
CWE CWE-94

15 Dec 2023, 13:42

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 09:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-48390

Mitre link : CVE-2023-48390

CVE.ORG link : CVE-2023-48390


JSON object : View

Products Affected

multisuns

  • easylog_web\+_firmware
  • easylog_web\+
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')