SUNNET WMPro - Command Injection
CVE-2023-35850

7.2HIGH

Key Information:

Vendor: SUNNET
Status: WMPro
Vendor: CVE Published:; 18 September 2023

What is CVE-2023-35850?

The SUNNET WMPro portal's file management function is susceptible to insufficient filtering of user input. This vulnerability can be exploited by a remote attacker possessing administrative privileges or a privileged account, allowing them to inject and execute arbitrary system commands. The exploit may enable the attacker to manipulate system operations, potentially resulting in service disruption or unauthorized actions within the system.

Affected Version(s)

WMPro V5

References

https://www.twcert.org.tw/tw/cp-132-7373-4ef46-1.html

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2023
Vulnerability Reserved
Jun 19, 2023

CVE-2023-35850 Data

JSON