Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution

Releases0

Stars4

Repository contains description for CVE-2023-31446

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-31446 ↗	Jan 10, 2024Wednesday, 10 January 2024, 03:15	9.8 CRITICAL	—
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.