ID

VAR-202306-2154


CVE

CVE-2023-3450


TITLE

OS command injection vulnerability in Ruijie Networks rg-bcr860 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-014238

DESCRIPTION

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. An OS command injection vulnerability exists in the Ruijie Networks rg-bcr860 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). RG-BCR860 is a commercial cloud router from Ruijie Networks in China. Beijing Starnet Ruijie Network Technology Co., Ltd. Attackers can exploit this vulnerability to cause arbitrary command execution.

Trust: 2.25

sources: NVD: CVE-2023-3450 // JVNDB: JVNDB-2023-014238 // CNVD: CNVD-2023-54867 // VULMON: CVE-2023-3450

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-54867

AFFECTED PRODUCTS

vendor: ruijie, model: rg-bcr860, scope: eq, version: 2.5.13

Trust: 1.0

vendor: ruijie, model: rg-bcr860, scope: eq, version: rg-bcr860 firmware 2.5.13

Trust: 0.8

vendor: ruijie, model: rg-bcr860, scope: -, version: -

Trust: 0.8

vendor: ruijie, model: rg-bcr860, scope: eq, version: -

Trust: 0.8

vendor: starnet ruijie network, model: rg-bcr860, scope: eq, version: 2.5.13

Trust: 0.6

sources: CNVD: CNVD-2023-54867 // JVNDB: JVNDB-2023-014238 // NVD: CVE-2023-3450

CVSS

SEVERITY

cna@vuldb.com: CVE-2023-3450
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-3450
value: HIGH

Trust: 1.0

NVD: CVE-2023-3450
value: HIGH

Trust: 0.8

CNVD: CNVD-2023-54867
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202306-2014
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2023-3450
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:L/AU:M/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: MULTIPLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2023-54867
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2023-3450
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-3450
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-3450
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-54867 // JVNDB: JVNDB-2023-014238 // CNNVD: CNNVD-202306-2014 // NVD: CVE-2023-3450 // NVD: CVE-2023-3450

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.0

problemtype: OS Command injection (CWE-78) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2023-014238 // NVD: CVE-2023-3450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-2014

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202306-2014

EXTERNAL IDS

db: NVD, id: CVE-2023-3450

Trust: 3.9

db: VULDB, id: 232547

Trust: 3.1

db: JVNDB, id: JVNDB-2023-014238

Trust: 0.8

db: CNVD, id: CNVD-2023-54867

Trust: 0.6

db: CNNVD, id: CNNVD-202306-2014

Trust: 0.6

db: VULMON, id: CVE-2023-3450

Trust: 0.1

sources: CNVD: CNVD-2023-54867 // VULMON: CVE-2023-3450 // JVNDB: JVNDB-2023-014238 // CNNVD: CNNVD-202306-2014 // NVD: CVE-2023-3450

REFERENCES

url: https://vuldb.com/?id.232547

Trust: 3.1

url: https://github.com/rceraser/cve/blob/main/rg-bcr860.md

Trust: 2.5

url: https://vuldb.com/?ctiid.232547

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2023-3450

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2023-3450/

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-54867 // VULMON: CVE-2023-3450 // JVNDB: JVNDB-2023-014238 // CNNVD: CNNVD-202306-2014 // NVD: CVE-2023-3450

SOURCES

db: CNVD, id: CNVD-2023-54867
db: VULMON, id: CVE-2023-3450
db: JVNDB, id: JVNDB-2023-014238
db: CNNVD, id: CNNVD-202306-2014
db: NVD, id: CVE-2023-3450

LAST UPDATE DATE

2024-08-14T15:15:56.968000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-54867, date: 2023-07-07T00:00:00
db: VULMON, id: CVE-2023-3450, date: 2023-06-28T00:00:00
db: JVNDB, id: JVNDB-2023-014238, date: 2023-12-22T08:14:00
db: CNNVD, id: CNNVD-202306-2014, date: 2023-07-07T00:00:00
db: NVD, id: CVE-2023-3450, date: 2024-05-17T02:27:30.057

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-54867, date: 2023-07-07T00:00:00
db: VULMON, id: CVE-2023-3450, date: 2023-06-28T00:00:00
db: JVNDB, id: JVNDB-2023-014238, date: 2023-12-22T00:00:00
db: CNNVD, id: CNNVD-202306-2014, date: 2023-06-28T00:00:00
db: NVD, id: CVE-2023-3450, date: 2023-06-28T18:15:16.677