CVE-2023-31446

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cassia Gateway firmware XC1000 2.1.1.2303082218 Cassia Gateway firmware XC2000 2.1.1.2303090947

Description The issue is related to the queueUrl parameter in the "/bypass/config" API endpoint, which is not properly sanitized. This allows for the injection of Bash code, which can be executed with root privileges on device startup. The vulnerability can be exploited remotely.

Recommendations For Cassia Gateway firmware XC1000 2.1.1.2303082218, consider disabling the /bypass/config API endpoint until a patch is available. For Cassia Gateway firmware XC2000 2.1.1.2303090947, restrict access to the queueUrl parameter in the /bypass/config API endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the queueUrl parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2024-00268

CVE-2023-31446

Affected Products

Cassia Gateway Firmware Xc1000

Cassia Gateway Firmware Xc2000

CVE-2023-31446

Weakness Enumeration

Related Identifiers

Affected Products

References · 15