A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/Carol7S/cve/blob/main/rce.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?submit.234888 | |
https://github.com/Carol7S/cve/blob/main/rce.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?submit.234888 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
References | () https://github.com/Carol7S/cve/blob/main/rce.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?id.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.234888 - |
09 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
04 Dec 2023, 15:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:byzoro:smart_s80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:byzoro:smart_s80:-:*:*:*:*:*:*:* |
|
References | () https://vuldb.com/?id.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?ctiid.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://github.com/Carol7S/cve/blob/main/rce.md - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Byzoro smart S80
Byzoro Byzoro smart S80 Firmware |
24 Nov 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-24 14:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6274
Mitre link : CVE-2023-6274
CVE.ORG link : CVE-2023-6274
JSON object : View
Products Affected
byzoro
- smart_s80_firmware
- smart_s80
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type