Realtek RTL819x Jungle SDK Command Injection Vulnerabilities
CVE-2023-50383

7.2HIGH

Key Information:

Vendor: Levelone
Status: Wbr-6013; Rtl819x Jungle Sdk
Vendor: CVE Published:; 8 July 2024

What is CVE-2023-50383?

Multiple OS command injection vulnerabilities are present in the boa formWsc functionality of the Realtek rtl819x Jungle SDK version 3.4.11. These vulnerabilities can be exploited through a sequence of specially crafted HTTP requests, which enable attackers to execute arbitrary commands on the affected system. The vulnerabilities particularly affect the localPin request parameter, creating a significant security risk that necessitates immediate attention and remediation.

Affected Version(s)

rtl819x Jungle SDK v3.4.11

WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Dec 7, 2023

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

JSON

Levelone

What is CVE-2023-50383?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit