A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/Carol7S/cve/blob/main/rce.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.246103 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?submit.234888 |
Configurations
Configuration 1 (hide)
AND |
|
History
09 Apr 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
04 Dec 2023, 15:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Byzoro smart S80
Byzoro Byzoro smart S80 Firmware |
|
CPE | cpe:2.3:o:byzoro:smart_s80_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:byzoro:smart_s80:-:*:*:*:*:*:*:* |
|
References | () https://vuldb.com/?id.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?ctiid.246103 - Permissions Required, Third Party Advisory, VDB Entry | |
References | () https://github.com/Carol7S/cve/blob/main/rce.md - Exploit, Third Party Advisory |
24 Nov 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-24 14:15
Updated : 2024-05-17 02:33
NVD link : CVE-2023-6274
Mitre link : CVE-2023-6274
CVE.ORG link : CVE-2023-6274
JSON object : View
Products Affected
byzoro
- smart_s80
- smart_s80_firmware
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type