CVE-2023-6576

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 7, 2023

Updated: May 17, 2024

CWE ID 434

Summary

CVE-2023-6576 is a newly disclosed critical vulnerability affecting Byzoro S210 up to the version 20231123. The issue lies in the unknown code of the file /Tool/uploadfile.php within the HTTP POST Request Handler component. Manipulation of the argument file_upload results in an unrestricted file upload, which can be initiated remotely. The exploit for this vulnerability, identified as VDB-247156, has been made public, increasing the risk for potential attacks. Despite early notification, the vendor has not responded to disclosure efforts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tuQj-K
https://www.cve.org/CVERecord?id=CVE-2023-6576
https://nvd.nist.gov/vuln/detail/CVE-2023-6576

Back to Vulnerability Database

CVE-2023-6576

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations