Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in Baicells QRTB Platform
Vulnerability Description
Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Baicells Nova 命令注入漏洞
Vulnerability Description
Baicells Nova436Q是美国Baicells公司的一款先进的双载波户外 eNodeB (eNB)。 Baicells Nova 436Q、Nova 430E、Nova 430I、Neutrino 430 LTE TDD eNodeB devices QRTB 2.12.7版本及之前版本存在安全漏洞。攻击者利用该漏洞通过HTTP命令注入远程执行shell代码。
CVSS Information
N/A
Vulnerability Type
N/A