Remote Code Execution in Baicells QRTB Platform
CVE-2023-0776

8.1HIGH

Key Information:

Vendor: Baicells
Status: Nova 436q; Nova 430e; Nova 430i; Neutrino 430
Vendor: CVE Published:; 11 February 2023

What is CVE-2023-0776?

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices are exposed to severe security risks due to a flaw that allows for remote shell code execution through HTTP command injections. This vulnerability permits an attacker to execute commands on the affected devices with root-level permissions prior to user authentication. Affected firmware versions up to QRTB 2.12.7 have been validated as exploitable, potentially enabling unauthorized access and manipulation of device functionality. For enhanced security, it is crucial for device administrators to apply lifecycle management practices and promptly update firmware.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Neutrino 430 QRTB 0 <= 2.12.7

Nova 430E QRTB 0 <= 2.12.7

Nova 430I QRTB 0 <= 2.12.7

References

https://baicells.com/Service/Firmware

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2023
Vulnerability Reserved
Feb 10, 2023

Credit

Rustam Amin

Baicells Security Team

JSON

Baicells