CVE-2023-50383

Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:36

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 - Third Party Advisory () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 - Third Party Advisory

11 Jul 2024, 16:06

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 - Third Party Advisory
First Time Level1 wbr-6013 Firmware
Realtek
Level1
Level1 wbr-6013
Realtek rtl819x Jungle Software Development Kit
Summary
  • (es) Existen tres vulnerabilidades de inyección de comandos del sistema operativo en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecución de comandos arbitrarios. Un atacante puede enviar una serie de solicitudes HTTP para activar estas vulnerabilidades. Esta inyección de comando está relacionada con el parámetro de solicitud "localPin".
CPE cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*
cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*
cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*

08 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-08 16:15

Updated : 2024-11-21 08:36


NVD link : CVE-2023-50383

Mitre link : CVE-2023-50383

CVE.ORG link : CVE-2023-50383


JSON object : View

Products Affected

realtek

  • rtl819x_jungle_software_development_kit

level1

  • wbr-6013
  • wbr-6013_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')