CVE-2023-0830

moderate-risk
Published 2023-02-14

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Do I need to act?

!
38.5% chance of exploitation in next 30 days
EPSS score — higher than 61% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51266
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Easynas

References (8)

https://github.com/xbz0n/CVE-2023-0830
Permissions Required https://vuldb.com/?ctiid.220950
Third Party Advisory https://vuldb.com/?id.220950
https://vuldb.com/?submit.86683
https://www.exploit-db.com/exploits/51266
Exploit https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690
Permissions Required https://vuldb.com/?ctiid.220950
Third Party Advisory https://vuldb.com/?id.220950
45
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal