CVE-2023-0432 Vulnerability Details

  /     /     /  

CVE-2023-0432 Metadata Quick Info

CVE Published: 31/03/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: icscert | Vendor: Delta Electronics | Product: DX-2100-L1-CN
Status : PUBLISHED

---

CVE-2023-0432 Description

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting )
Source: Delta Electronics

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).