Lucene search

MitreCVE-2023-43891

HistoryOct 02, 2023 - 10:15 p.m.

CVE-2023-43891

2023-10-0222:15:09

CWE-77

mitre

web.nvd.nist.gov

cve-2023-43891

netis n3mv2

command injection

changing username

password

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.2%

JSON

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.

Affected configurations

Nvd

Node

netis-systemsn3mMatchv2

AND

netis-systemsn3m_firmwareMatch1.0.1.865

VendorProductVersionCPE
netis-systemsn3mv2cpe:2.3:h:netis-systems:n3m:v2:*:*:*:*:*:*:*
netis-systemsn3m_firmware1.0.1.865cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	n3m	v2	cpe:2.3:h:netis-systems:n3m:v2:::::::*
netis-systems	n3m_firmware	1.0.1.865	cpe:2.3:o:netis-systems:n3m_firmware:1.0.1.865:::::::*

References

github.com/adhikara13/CVE/blob/main/netis_N3/command%20injection%20in%20changing%20password%20feature.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.013

Percentile

86.2%

JSON

Related for CVE-2023-43891