CVE-2023-5684

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:byzoro:smart_s85f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:byzoro:smart_s85f:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:42

Type Values Removed Values Added
CVSS v2 : 5.8
v3 : 9.8
v2 : 5.8
v3 : 4.7
References () https://github.com/Chef003/cve/blob/main/rce.md - Exploit, Third Party Advisory () https://github.com/Chef003/cve/blob/main/rce.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.243061 - Third Party Advisory () https://vuldb.com/?ctiid.243061 - Third Party Advisory
References () https://vuldb.com/?id.243061 - Third Party Advisory () https://vuldb.com/?id.243061 - Third Party Advisory
References () https://vuldb.com/?submit.219836 - () https://vuldb.com/?submit.219836 -

09 Apr 2024, 09:15

Type Values Removed Values Added
Summary (en) A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (en) A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
  • () https://vuldb.com/?submit.219836 -

28 Oct 2023, 03:44

Type Values Removed Values Added
References (MISC) https://vuldb.com/?id.243061 - (MISC) https://vuldb.com/?id.243061 - Third Party Advisory
References (MISC) https://vuldb.com/?ctiid.243061 - (MISC) https://vuldb.com/?ctiid.243061 - Third Party Advisory
References (MISC) https://github.com/Chef003/cve/blob/main/rce.md - (MISC) https://github.com/Chef003/cve/blob/main/rce.md - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-78
First Time Byzoro
Byzoro smart S85f
Byzoro smart S85f Firmware
CPE cpe:2.3:h:byzoro:smart_s85f:-:*:*:*:*:*:*:*
cpe:2.3:o:byzoro:smart_s85f_firmware:*:*:*:*:*:*:*:*

21 Oct 2023, 08:33

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-21 07:15

Updated : 2024-11-21 08:42


NVD link : CVE-2023-5684

Mitre link : CVE-2023-5684

CVE.ORG link : CVE-2023-5684


JSON object : View

Products Affected

byzoro

  • smart_s85f_firmware
  • smart_s85f
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')