CVE-2023-0862 (GCVE-0-2023-0862)
Vulnerability from cvelistv5 – Published: 2023-02-16 09:07 – Updated: 2025-03-18 14:50
VLAI?
Summary
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.
This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
Severity ?
7.2 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
Credits
Quentin Kaiser from ONEKEY Research Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T14:50:33.476944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T14:50:42.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"web administration interface"
],
"product": "NSRW",
"vendor": "NetModule",
"versions": [
{
"lessThan": "4.3.0.119",
"status": "affected",
"version": "4.3.0.0",
"versionType": "4.3.0.119"
},
{
"lessThan": "4.4.0.118",
"status": "affected",
"version": "4.4.0.0",
"versionType": "4.4.0.118"
},
{
"lessThan": "4.6.0.105",
"status": "affected",
"version": "4.6.0.0",
"versionType": "4.6.0.105"
},
{
"lessThan": "4.7.0.103",
"status": "affected",
"version": "4.7.0.0",
"versionType": "4.7.0.103"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY Research Labs"
}
],
"datePublic": "2023-02-16T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\u003cbr\u003e\u003cbr\u003eThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\u003cbr\u003e"
}
],
"value": "The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\n\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-21T08:24:22.762Z",
"orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
"shortName": "ONEKEY"
},
"references": [
{
"url": "https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf"
},
{
"url": "https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Path Traversal in NetModule NSRW",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
"assignerShortName": "ONEKEY",
"cveId": "CVE-2023-0862",
"datePublished": "2023-02-16T09:07:09.930Z",
"dateReserved": "2023-02-16T09:01:36.192Z",
"dateUpdated": "2025-03-18T14:50:42.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0.0\", \"versionEndExcluding\": \"4.3.0.119\", \"matchCriteriaId\": \"FA6AD24E-E27F-4078-8066-AB0E0D1CAA33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4.0.0\", \"versionEndExcluding\": \"4.4.0.118\", \"matchCriteriaId\": \"8000F0E9-A55B-472E-B71E-20097FC15C58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.6.0.0\", \"versionEndExcluding\": \"4.6.0.105\", \"matchCriteriaId\": \"EFFBFAD7-53CB-4755-A338-2FE945B3689F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.7.0.0\", \"versionEndExcluding\": \"4.7.0.103\", \"matchCriteriaId\": \"B543F356-8395-4F7E-A3C8-1A5DB362533C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C90BC32-C405-4178-B944-9CF39C212C46\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A80AE348-C415-4B5F-B359-26E2F2A132F7\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EFF579A1-A31C-47F3-912A-43F5B4894497\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41310FAF-CD23-4126-942D-DA950A96DF3E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"962F7AFA-76A3-4F83-AA2C-AB168C644104\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7120564A-4FE0-403E-A976-9658A665E51A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B550124-772B-4384-BA89-72B68E01F61E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0408E588-146F-4AD2-9D58-A12EBA83A697\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\\n\\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\\n\"}]",
"id": "CVE-2023-0862",
"lastModified": "2024-11-21T07:37:59.533",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"research@onekey.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2023-02-16T10:15:11.983",
"references": "[{\"url\": \"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\", \"source\": \"research@onekey.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\", \"source\": \"research@onekey.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "research@onekey.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"research@onekey.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-0862\",\"sourceIdentifier\":\"research@onekey.com\",\"published\":\"2023-02-16T10:15:11.983\",\"lastModified\":\"2024-11-21T07:37:59.533\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\\n\\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"research@onekey.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"research@onekey.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0.0\",\"versionEndExcluding\":\"4.3.0.119\",\"matchCriteriaId\":\"FA6AD24E-E27F-4078-8066-AB0E0D1CAA33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0.0\",\"versionEndExcluding\":\"4.4.0.118\",\"matchCriteriaId\":\"8000F0E9-A55B-472E-B71E-20097FC15C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6.0.0\",\"versionEndExcluding\":\"4.6.0.105\",\"matchCriteriaId\":\"EFFBFAD7-53CB-4755-A338-2FE945B3689F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netmodule:netmodule_router_software:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.7.0.0\",\"versionEndExcluding\":\"4.7.0.103\",\"matchCriteriaId\":\"B543F356-8395-4F7E-A3C8-1A5DB362533C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb1601:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C90BC32-C405-4178-B944-9CF39C212C46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb1800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A80AE348-C415-4B5F-B359-26E2F2A132F7\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb1810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3CF8E81-2EB5-4CDC-9FC9-CEAF4E1E7514\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb2800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF579A1-A31C-47F3-912A-43F5B4894497\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb2810:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41310FAF-CD23-4126-942D-DA950A96DF3E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb3701:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962F7AFA-76A3-4F83-AA2C-AB168C644104\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb3800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7120564A-4FE0-403E-A976-9658A665E51A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:nb800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B550124-772B-4384-BA89-72B68E01F61E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netmodule:ng800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0408E588-146F-4AD2-9D58-A12EBA83A697\"}]}]}],\"references\":[{\"url\":\"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\",\"source\":\"research@onekey.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\",\"source\":\"research@onekey.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:24:34.659Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0862\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T14:50:33.476944Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T14:50:03.518Z\"}}], \"cna\": {\"title\": \"Path Traversal in NetModule NSRW\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Quentin Kaiser from ONEKEY Research Labs\"}], \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NetModule\", \"modules\": [\"web administration interface\"], \"product\": \"NSRW\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.3.0.0\", \"lessThan\": \"4.3.0.119\", \"versionType\": \"4.3.0.119\"}, {\"status\": \"affected\", \"version\": \"4.4.0.0\", \"lessThan\": \"4.4.0.118\", \"versionType\": \"4.4.0.118\"}, {\"status\": \"affected\", \"version\": \"4.6.0.0\", \"lessThan\": \"4.6.0.105\", \"versionType\": \"4.6.0.105\"}, {\"status\": \"affected\", \"version\": \"4.7.0.0\", \"lessThan\": \"4.7.0.103\", \"versionType\": \"4.7.0.103\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-02-16T09:00:00.000Z\", \"references\": [{\"url\": \"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf\"}, {\"url\": \"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\\n\\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\u003cbr\u003e\u003cbr\u003eThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"2d533b80-6e4a-4e20-93e2-171235122846\", \"shortName\": \"ONEKEY\", \"dateUpdated\": \"2023-02-21T08:24:22.762Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-0862\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-18T14:50:42.840Z\", \"dateReserved\": \"2023-02-16T09:01:36.192Z\", \"assignerOrgId\": \"2d533b80-6e4a-4e20-93e2-171235122846\", \"datePublished\": \"2023-02-16T09:07:09.930Z\", \"assignerShortName\": \"ONEKEY\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…