Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in Baicells RTS Platform
Vulnerability Description
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
多款Baicells Nova产品跨站脚本漏洞
Vulnerability Description
Baicells Nova 227是一款微型基站。Baicells Nova 233是一款微型基站。Baicells Nova 243是一款微型基站。 Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB 固件版本为 RTS/RTD 3.6.6存在安全漏洞,该漏洞源于容易受到通过 HTTP 命令注入的远程 shell 代码利用。
CVSS Information
N/A
Vulnerability Type
N/A