Lucene search

[email protected]NVD:CVE-2023-6321

HistoryMay 15, 2024 - 1:15 p.m.

CVE-2023-6321

2024-05-1513:15:25

CWE-78

[email protected]

web.nvd.nist.gov

command injection

ota updates

root user

authenticated requests

vulnerability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability.

References

bitdefender.com/blog/labs/notes-on-throughtek-kalay-vulnerabilities-and-their-impact/

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.6%

JSON

Related for NVD:CVE-2023-6321

cve1 cvelist1 vulnrichment1 thn1