PT-2024-1176 · Nexo-Os · Nexo-Os

Andrea Palanca · Published 2024-01-08 · Updated 2024-01-16 · CVE-2023-48243

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NEXO-OS (affected versions not specified)

Description

The issue allows a remote attacker to upload arbitrary files to any path on the system, in the context of the application's OS user (“root”), via a crafted HTTP request. By abusing this issue, it is possible to obtain remote code execution (RCE) with root privileges on the device. The vulnerability stems from improper limitation of a pathname to a restricted directory.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2024-00503
CVE-2023-48243

Affected Products

Nexo-Os