Remote Code Execution in Baicells RTS Platform
CVE-2023-24508

8.1HIGH

Key Information:

Vendor: Baicells
Status: Nova 227; Nova 233; Nova 246
Vendor: CVE Published:; 26 January 2023

What is CVE-2023-24508?

Baicells Nova LTE TDD eNodeB devices, including models 227, 233, 243, and 246, are susceptible to a remote shell code exploitation vulnerability. This issue arises from improper handling of HTTP command injections, allowing an unauthenticated attacker to execute system commands with root privileges. The exploitation pathway involves pre-login command execution, which has been validated by independent analysis. Users are strongly advised to upgrade to the latest firmware version to mitigate this security threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nova 227 RTS 0 <= 3.6.6

Nova 233 RTS 0 <= 3.6.6

Nova 246 RTS 0 <= 3.6.6

References

https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_...

patch

https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_...

release-notes

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Jan 24, 2023

Credit

Rustam Amin

Baicells Security Team

JSON

Baicells