CVE-2023-38865

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 15, 2023
Updated: Aug 22, 2023
CWE ID 77

Summary

CVE-2023-38865 is a command injection vulnerability affecting COMFAST CF-XR11 V2.7.2. The issue lies in the function sub_4143F0, which attackers can reach by sending malicious POST requests to the /usr/bin/webmgnt endpoint. By injecting commands into the timestr parameter, adversaries can execute arbitrary system commands on the affected system. The vulnerability poses a significant risk, and users and administrators should apply patches or workarounds immediately to mitigate the threat.
