Byzoro Smart S85F Management Platform unrestricted upload
CVE-2023-4121

9.8CRITICAL

Key Information:

Vendor

Byzoro

Status
Smart S85f Management Platform
Vendor
CVE Published:
3 August 2023

What is CVE-2023-4121?

A significant vulnerability exists in the Byzoro Smart S85F Management Platform, which allows for unrestricted file uploads via an unknown function. This flaw enables attackers to exploit the argument 'file_upload', facilitating remote attacks that can lead to unauthorized access and potential system compromise. The vulnerability has been disclosed publicly, raising critical concerns surrounding its use in malicious activities, especially since the vendor has not addressed the issue despite early notifications.

Affected Version(s)

Smart S85F Management Platform 20230722

References

https://vuldb.com/?id.235968
vdb-entrytechnical-description
https://vuldb.com/?ctiid.235968
signaturepermissions-required
https://vuldb.com/?submit.185755
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

torres14852 (VulDB User)
.