CVE-2023-31446

high-risk

Published 2024-01-10

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

Do I need to act?

92.7% chance of exploitation in next 30 days

EPSS score — higher than 7% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (2)

Xc1000 Firmware

Xc2000 Firmware

Affected Vendors

Cassianetworks

References (6)

https://blog.kscsc.online/cves/202331446/md.html

Exploit https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution

Product https://www.cassianetworks.com

https://blog.kscsc.online/cves/202331446/md.html

Exploit https://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution

Product https://www.cassianetworks.com

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 7/34 · Low