CVE-2023-0830

Name of the Vulnerable Software and Affected Versions EasyNAS version 1.1.0

Description A critical vulnerability has been found in the function system of the file /backup.pl, leading to os command injection. The manipulation can be launched remotely, and the exploit has been disclosed to the public. This issue arises due to the lack of measures to neutralize special elements used in the operating system command. As a result, an attacker acting remotely can execute arbitrary commands.

Recommendations For EasyNAS version 1.1.0, it is recommended to upgrade the affected component to resolve the issue. As a temporary workaround, consider disabling the /backup.pl file until a patch is available. Restrict access to the function system of the file /backup.pl to minimize the risk of exploitation.