CVE-2023-0776

Published: Feb 11, 2023Modified: Nov 21, 2024

10.0

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 6.0

Source: NVD

Description

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Affected (4)

Products: Baicells: Neutrino 430 Firmware, Nova430l Firmware, Nova430e Firmware, Nova436q Firmware

Baicells

4 products

Neutrino 430 Firmware

Nova430l Firmware

Nova430e Firmware

Nova436q Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Neutrino 430 Firmware	Up to qrtb_2.12.7

Running on/with	Platform Versions
Baicells Neutrino 430	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Nova430l Firmware	Up to qrtb_2.12.7

Running on/with	Platform Versions
Baicells Nova430l	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Nova430e Firmware	Up to qrtb_2.12.7

Running on/with	Platform Versions
Baicells Nova430e	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Baicells Nova436q Firmware	Up to qrtb_2.12.7

Running on/with	Platform Versions
Baicells Nova436q	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://baicells.com/Service/Firmware

Source: security@baicells.com

PatchVendor Advisory

https://baicells.com/Service/Firmware

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.