CVE-2023-49254 (GCVE-0-2023-49254)
Vulnerability from cvelistv5 – Published: 2024-01-12 14:23 – Updated: 2025-06-20 16:40
VLAI?
Title
Command injection in the network test tools
Summary
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.
Severity ?
8.8 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hongdian | H8951-4G-ESP |
Affected:
0 , < 2310271149
(custom)
|
Credits
Robert Pogorzelski (SEQRED)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-12T16:01:11.234656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T16:40:13.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "H8951-4G-ESP",
"vendor": "Hongdian",
"versions": [
{
"lessThan": "2310271149",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Robert Pogorzelski (SEQRED)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \"destination\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly."
}
],
"value": "Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \"destination\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T14:23:41.508Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command injection in the network test tools",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2023-49254",
"datePublished": "2024-01-12T14:23:41.508Z",
"dateReserved": "2023-11-24T11:53:46.294Z",
"dateUpdated": "2025-06-20T16:40:13.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2310271149\", \"matchCriteriaId\": \"4391599E-AC50-4409-B8DE-D86CD4EACA35\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B44C0C6-3995-43DB-9B49-78110E5E7A43\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \\\"destination\\\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.\"}, {\"lang\": \"es\", \"value\": \"El usuario autenticado puede ejecutar comandos arbitrarios en el contexto del usuario root proporcionando un payload en el campo \\\"destination\\\" de las herramientas de prueba de red. Esto es similar a la vulnerabilidad CVE-2021-28151 mitigada en el nivel de la interfaz de usuario al incluir caracteres en la lista negra con JavaScript; sin embargo, a\\u00fan se puede explotar enviando solicitudes POST directamente.\"}]",
"id": "CVE-2023-49254",
"lastModified": "2024-11-21T08:33:07.753",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-01-12T15:15:09.017",
"references": "[{\"url\": \"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\", \"source\": \"cvd@cert.pl\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.pl/posts/2024/01/CVE-2023-49253/\", \"source\": \"cvd@cert.pl\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://cert.pl/posts/2024/01/CVE-2023-49253/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cvd@cert.pl",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cvd@cert.pl\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49254\",\"sourceIdentifier\":\"cvd@cert.pl\",\"published\":\"2024-01-12T15:15:09.017\",\"lastModified\":\"2025-06-20T17:15:32.833\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \\\"destination\\\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.\"},{\"lang\":\"es\",\"value\":\"El usuario autenticado puede ejecutar comandos arbitrarios en el contexto del usuario root proporcionando un payload en el campo \\\"destination\\\" de las herramientas de prueba de red. Esto es similar a la vulnerabilidad CVE-2021-28151 mitigada en el nivel de la interfaz de usuario al incluir caracteres en la lista negra con JavaScript; sin embargo, a\u00fan se puede explotar enviando solicitudes POST directamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2310271149\",\"matchCriteriaId\":\"4391599E-AC50-4409-B8DE-D86CD4EACA35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B44C0C6-3995-43DB-9B49-78110E5E7A43\"}]}]}],\"references\":[{\"url\":\"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\",\"source\":\"cvd@cert.pl\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.pl/posts/2024/01/CVE-2023-49253/\",\"source\":\"cvd@cert.pl\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.pl/posts/2024/01/CVE-2023-49253/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://cert.pl/posts/2024/01/CVE-2023-49253/\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:53:44.880Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49254\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-12T16:01:11.234656Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-20T16:40:08.623Z\"}}], \"cna\": {\"title\": \"Command injection in the network test tools\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Robert Pogorzelski (SEQRED)\"}], \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"affected\": [{\"vendor\": \"Hongdian\", \"product\": \"H8951-4G-ESP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2310271149\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://cert.pl/en/posts/2024/01/CVE-2023-49253/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://cert.pl/posts/2024/01/CVE-2023-49253/\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \\\"destination\\\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the \\\"destination\\\" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"shortName\": \"CERT-PL\", \"dateUpdated\": \"2024-01-12T14:23:41.508Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-49254\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-20T16:40:13.313Z\", \"dateReserved\": \"2023-11-24T11:53:46.294Z\", \"assignerOrgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"datePublished\": \"2024-01-12T14:23:41.508Z\", \"assignerShortName\": \"CERT-PL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…