Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
NetModule Router Software 操作系统命令注入漏洞
Vulnerability Description
NetModule Router Software是NetModule的一款路由器。 NetModule Router Software(NRSW) 4.6.0.106之前的4.6.x版本和4.8.0.101之前的4.8.x版本存在安全漏洞,该漏洞源于使用未经净化的用户输入构造操作系统命令,利用该漏洞可能允许经过身份验证的用户以提升的权限执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A