Lucene search

[email protected]CVE-2023-26801

HistoryMar 26, 2023 - 9:15 p.m.

CVE-2023-26801

2023-03-2621:15:07

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-26801

lb-link

bl-ac1900_2.0

bl-wr9000

bl-x26

bl-lte300

command injection

vulnerability

nvd

information security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON

LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.

Affected configurations

NVD

Node

lb-linkbl-lte300_firmwareMatch1.0.8

AND

lb-linkbl-lte300Match-

Node

lb-linkbl-x26_firmwareMatch1.2.5

AND

lb-linkbl-x26Match-

Node

lb-linkbl-wr9000_firmwareMatch2.4.9

AND

lb-linkbl-wr9000Match-

Node

lb-linkbl-ac1900_firmwareMatch1.0.1

AND

lb-linkbl-ac1900Match2.0

CPENameOperatorVersion
lb-link:bl-lte300_firmwarelb-link bl-lte300 firmwareeq1.0.8

CPE	Name	Operator	Version
lb-link:bl-lte300_firmware	lb-link bl-lte300 firmware	eq	1.0.8

References

github.com/winmt/my-vuls/tree/main/LB-LINK%20BL-AC1900%2C%20BL-WR9000%2C%20BL-X26%20and%20BL-LTE300%20Wireless%20Routers

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for CVE-2023-26801

akamaiblog1 thn1 nvd1 cvelist1 prion1