Source |
CVE Liste |
Identifiant |
8310808 |
Date de publication |
2023-02-16 10:15:11 (vue: 2023-02-16 12:06:46) |
Titre |
CVE-2023-0862 |
Texte |
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 before 4.6.72.101, from 4.6.73.0 before 4.6.73.101. |
Envoyé |
Oui |
Condensat |
0862 101 103 105 118 119 2023 administration affects arbitrary authenticated before command contact could cve deletion directory elevated execution file files from gain interface issue lead malicious netmodule nsrw nsrw: packaged path phoenix privileges remote root routers: traversals uploading uploads users vulnerable web which |
Tags |
Guideline
|
Stories |
|
Notes |
|
Move |
|