CVE-2023-30404

Published: Apr 26, 2023Modified: Feb 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request.

Affected (1)

Products: Aigital: Wireless N Repeater Mini Router Firmware

Aigital

1 product

Wireless N Repeater Mini Router Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Aigital Wireless N Repeater Mini Router Firmware	Version 0.131229

Running on/with	Platform Versions
Aigital Wireless N Repeater Mini Router	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://aigital.com

Source: cve@mitre.org

Broken Link

https://mandomat.github.io/2023-04-13-testing-a-cheap-wifi-repeater/

Source: cve@mitre.org

ExploitThird Party Advisory

http://aigital.com

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://mandomat.github.io/2023-04-13-testing-a-cheap-wifi-repeater/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.