ID

VAR-202306-0596


CVE

CVE-2023-33530


TITLE

Tenda G103 Command Injection Vulnerability (CNVD-2023-52857)

Trust: 0.6

sources: CNVD: CNVD-2023-52857

DESCRIPTION

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. An attacker who gains web management privileges can inject commands and obtain shell privileges. Tenda G103 is a GPON fiber access device designed for home and SOHO users by the Chinese company Tenda. The vulnerability stems from the application's failure to properly filter special characters, commands, and similar elements when constructing commands.

Trust: 1.53

sources: NVD: CVE-2023-33530 // CNVD: CNVD-2023-52857 // VULMON: CVE-2023-33530

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-52857

AFFECTED PRODUCTS

vendor: tenda, model: g103, scope: eq, version: 1.0.0.5

Trust: 1.6

sources: CNVD: CNVD-2023-52857 // NVD: CVE-2023-33530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-33530
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2023-33530
value: HIGH

Trust: 1.0

CNVD: CNVD-2023-52857
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202306-333
value: HIGH

Trust: 0.6

CNVD: CNVD-2023-52857
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2023-33530
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2023-52857 // CNNVD: CNNVD-202306-333 // NVD: CVE-2023-33530 // NVD: CVE-2023-33530

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.0

sources: NVD: CVE-2023-33530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-333

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-333

EXTERNAL IDS

db: NVD, id: CVE-2023-33530

Trust: 2.3

db: CNVD, id: CNVD-2023-52857

Trust: 0.6

db: CNNVD, id: CNNVD-202306-333

Trust: 0.6

db: VULMON, id: CVE-2023-33530

Trust: 0.1

sources: CNVD: CNVD-2023-52857 // VULMON: CVE-2023-33530 // CNNVD: CNNVD-202306-333 // NVD: CVE-2023-33530

REFERENCES

url:http://tenda.com

Trust: 1.7

url:https://github.com/d2y6p/cve/blob/main/tenda/cve-2023-33530/rce2/tenda_g103_rce_2.pdf

Trust: 1.7

url:https://cxsecurity.com/cveshow/cve-2023-33530/

Trust: 1.2

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-52857 // VULMON: CVE-2023-33530 // CNNVD: CNNVD-202306-333 // NVD: CVE-2023-33530

SOURCES

db: CNVD, id: CNVD-2023-52857
db: VULMON, id: CVE-2023-33530
db: CNNVD, id: CNNVD-202306-333
db: NVD, id: CVE-2023-33530

LAST UPDATE DATE

2025-01-08T23:12:28.498000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-52857, date: 2023-06-30T00:00:00
db: VULMON, id: CVE-2023-33530, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-333, date: 2023-06-16T00:00:00
db: NVD, id: CVE-2023-33530, date: 2025-01-08T16:15:30.037

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-52857, date: 2023-06-30T00:00:00
db: VULMON, id: CVE-2023-33530, date: 2023-06-06T00:00:00
db: CNNVD, id: CNNVD-202306-333, date: 2023-06-06T00:00:00
db: NVD, id: CVE-2023-33530, date: 2023-06-06T13:15:15.900