Lucene search

MitreCVE-2023-29805

HistoryApr 14, 2023 - 2:15 p.m.

CVE-2023-29805

2023-04-1414:15:11

CWE-78

mitre

web.nvd.nist.gov

cve-2023-29805

wfs-sr03

command injection

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.6%

JSON

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.

Affected configurations

Nvd

Node

iodatawfs-sr03w_firmwareMatch1.03

AND

iodatawfs-sr03wMatch-

Node

iodatawfs-sr03k_firmwareMatch1.03

AND

iodatawfs-sr03kMatch-

VendorProductVersionCPE
iodatawfs-sr03w_firmware1.03cpe:2.3:o:iodata:wfs-sr03w_firmware:1.03:*:*:*:*:*:*:*
iodatawfs-sr03w-cpe:2.3:h:iodata:wfs-sr03w:-:*:*:*:*:*:*:*
iodatawfs-sr03k_firmware1.03cpe:2.3:o:iodata:wfs-sr03k_firmware:1.03:*:*:*:*:*:*:*
iodatawfs-sr03k-cpe:2.3:h:iodata:wfs-sr03k:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iodata	wfs-sr03w_firmware	1.03	cpe:2.3:o:iodata:wfs-sr03w_firmware:1.03:::::::*
iodata	wfs-sr03w	-	cpe:2.3:h:iodata:wfs-sr03w:-:::::::*
iodata	wfs-sr03k_firmware	1.03	cpe:2.3:o:iodata:wfs-sr03k_firmware:1.03:::::::*
iodata	wfs-sr03k	-	cpe:2.3:h:iodata:wfs-sr03k:-:::::::*

References

sore-pail-31b.notion.site/Command-Injection-2-WFS-SR03-436d09790c2f4e31b197c39711e17775

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.6%

JSON

Related for CVE-2023-29805