CVE-2023-31446 | Cassia Gateway XC1000_2.1.1.2303082218/XC2000_2.1.1.2303090947 /bypass/config queueUrl os command injection

Inserito da Angelo Barbosa | Gen 10, 2024 | CVE

A vulnerability classified as critical was found in Cassia Gateway XC1000_2.1.1.2303082218/XC2000_2.1.1.2303090947. This vulnerability affects unknown code of the file /bypass/config. The manipulation of the argument queueUrl leads to os command injection.

This vulnerability was named CVE-2023-31446. The attack can only be initiated within the local network. There is no exploit available.

CVE-2023-31446 | Cassia Gateway XC1000_2.1.1.2303082218/XC2000_2.1.1.2303090947 /bypass/config queueUrl os command injection

Post correlati

CVE-2024-3875 | Tenda F1202 1.2.0.20(408) /goform/Natlimit fromNatlimit page stack-based overflow

CVE-2024-8131 | D-Link DNS-1550-04 up to 20240814 HTTP POST Request /cgi-bin/apkg_mgr.cgi module_enable_disable f_module_name command injection (SAP10383)

CVE-2024-37169 | jasonraimondi url-to-png up to 2.0.2 Screenshot path traversal (ID 47)

CVE-2024-31114 | biplob018 Shortcode Addons Plugin up to 3.2.5 on WordPress unrestricted upload