CVE Vulnerability

CVE-2023-0830

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-220950 is the identifier assigned to this vulnerability.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://vuldb.com/?ctiid.220950 Permissions Required Third Party Advisory
https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690 Exploit Third Party Advisory
https://vuldb.com/?id.220950 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:easynas:easynas:1.1.0:*:*:*:*:*:*:*
Information

Published : 2023-02-14 05:15

Updated : 2023-02-22 05:14

NVD link : CVE-2023-0830

Mitre link : CVE-2023-0830

Products Affected

Easynas

CWE
CWE-78