ID

VAR-202302-1451


CVE

CVE-2023-0862


TITLE

Path traversal vulnerability in NetModule router software

Trust: 0.8

sources: JVNDB: JVNDB-2023-004138

DESCRIPTION

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. NetModule router software contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The issue affects NSRW packaged by Phoenix Contact routers: from 4.6.72.0 prior to 4.6.72.101, from 4.6.73.0 prior to 4.6.73.101.

Trust: 1.8

sources: NVD: CVE-2023-0862 // JVNDB: JVNDB-2023-004138 // VULHUB: VHN-454974 // VULMON: CVE-2023-0862

AFFECTED PRODUCTS

vendor: netmodule, model: router software, scope: gte, version: 4.3.0.0

Trust: 1.0

vendor: netmodule, model: router software, scope: gte, version: 4.6.0.0

Trust: 1.0

vendor: netmodule, model: router software, scope: lt, version: 4.4.0.118

Trust: 1.0

vendor: netmodule, model: router software, scope: lt, version: 4.6.0.105

Trust: 1.0

vendor: netmodule, model: router software, scope: gte, version: 4.7.0.0

Trust: 1.0

vendor: netmodule, model: router software, scope: gte, version: 4.4.0.0

Trust: 1.0

vendor: netmodule, model: router software, scope: lt, version: 4.3.0.119

Trust: 1.0

vendor: netmodule, model: router software, scope: lt, version: 4.7.0.103

Trust: 1.0

vendor: netmodule, model: router software, scope: eq, version: 4.7.0.0 or later, before 4.7.0.103

Trust: 0.8

vendor: netmodule, model: router software, scope: eq, version: 4.6.0.0 or later, before 4.6.0.105

Trust: 0.8

vendor: netmodule, model: router software, scope: eq, version: 4.3.0.0 or later, before 4.3.0.119

Trust: 0.8

vendor: netmodule, model: router software, scope: eq, version: -

Trust: 0.8

vendor: netmodule, model: router software, scope: eq, version: 4.4.0.0 or later, before 4.4.0.118

Trust: 0.8

vendor: netmodule, model: router software, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004138 // NVD: CVE-2023-0862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-0862
value: HIGH

Trust: 1.0

research@onekey.com: CVE-2023-0862
value: HIGH

Trust: 1.0

NVD: CVE-2023-0862
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202302-1352
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-0862
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

research@onekey.com: CVE-2023-0862
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-0862
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004138 // CNNVD: CNNVD-202302-1352 // NVD: CVE-2023-0862 // NVD: CVE-2023-0862

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.1

problemtype: Path traversal (CWE-22) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-454974 // JVNDB: JVNDB-2023-004138 // NVD: CVE-2023-0862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-1352

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202302-1352

PATCH

title: NetModule NSRW Repair measures for path traversal vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=226775

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2023-0862

Trust: 0.1

sources: VULMON: CVE-2023-0862 // CNNVD: CNNVD-202302-1352

EXTERNAL IDS

db: NVD, id: CVE-2023-0862

Trust: 3.4

db: JVNDB, id: JVNDB-2023-004138

Trust: 0.8

db: CNNVD, id: CNNVD-202302-1352

Trust: 0.6

db: VULHUB, id: VHN-454974

Trust: 0.1

db: VULMON, id: CVE-2023-0862

Trust: 0.1

sources: VULHUB: VHN-454974 // VULMON: CVE-2023-0862 // JVNDB: JVNDB-2023-004138 // CNNVD: CNNVD-202302-1352 // NVD: CVE-2023-0862

REFERENCES

url:https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/

Trust: 2.6

url:https://share.netmodule.com/public/system-software/4.7/4.7.0.103/nrsw-rn-4.7.0.103.pdf

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-0862

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-0862/

Trust: 0.6

url:https://github.com/live-hack-cve/cve-2023-0862

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-454974 // VULMON: CVE-2023-0862 // JVNDB: JVNDB-2023-004138 // CNNVD: CNNVD-202302-1352 // NVD: CVE-2023-0862

SOURCES

db: VULHUB, id: VHN-454974
db: VULMON, id: CVE-2023-0862
db: JVNDB, id: JVNDB-2023-004138
db: CNNVD, id: CNNVD-202302-1352
db: NVD, id: CVE-2023-0862

LAST UPDATE DATE

2024-08-14T15:05:53.571000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-454974, date: 2023-02-24T00:00:00
db: VULMON, id: CVE-2023-0862, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004138, date: 2023-10-26T03:55:00
db: CNNVD, id: CNNVD-202302-1352, date: 2023-02-27T00:00:00
db: NVD, id: CVE-2023-0862, date: 2023-11-07T04:01:44.163

SOURCES RELEASE DATE

db: VULHUB, id: VHN-454974, date: 2023-02-16T00:00:00
db: VULMON, id: CVE-2023-0862, date: 2023-02-16T00:00:00
db: JVNDB, id: JVNDB-2023-004138, date: 2023-10-26T00:00:00
db: CNNVD, id: CNNVD-202302-1352, date: 2023-02-16T00:00:00
db: NVD, id: CVE-2023-0862, date: 2023-02-16T10:15:11.983