← Back

CVE-2023-0862

nvd nist
Published: Feb 16, 2023Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Affected (4)

Netmodule
1 product
Netmodule Router Software
Configuration A
4 vulnerable · 9 platform
Vulnerable SoftwareAffected Versions
Netmodule
Netmodule Router Software
From 4.3.0.0 to 4.3.0.119
Netmodule Router Software
From 4.4.0.0 to 4.4.0.118
Netmodule Router Software
From 4.6.0.0 to 4.6.0.105
Netmodule Router Software
From 4.7.0.0 to 4.7.0.103
Running on/withPlatform Versions
Netmodule
Nb1601
All versions
Netmodule
Nb1800
All versions
Netmodule
Nb1810
All versions
Netmodule
Nb2800
All versions
Netmodule
Nb2810
All versions
Netmodule
Nb3701
All versions
Netmodule
Nb3800
All versions
Netmodule
Nb800
All versions
Netmodule
Ng800
All versions

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

Source: research@onekey.com
Third Party Advisory
Source: research@onekey.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.