Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload
CVE-2023-5488

8.8HIGH

Key Information:

Vendor

Byzoro

Status
Smart S45f Multi-service Secure Gateway Intelligent Management Platform
Vendor
CVE Published:
10 October 2023

What is CVE-2023-5488?

An identified vulnerability in the Byzoro Smart S45F Multi-Service Secure Gateway allows unauthorized file uploads via the /sysmanage/updatelib.php endpoint. This flaw enables remote attackers to upload malicious files, which could compromise the system's integrity. Despite notification attempts to the vendor, no response was received regarding this critical issue. The vulnerability can lead to significant security risks if exploited.

Affected Version(s)

Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928

References

https://vuldb.com/?id.241640
vdb-entrytechnical-description
https://vuldb.com/?ctiid.241640
signaturepermissions-required
https://vuldb.com/?submit.213945
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

llixixioo (VulDB User)
.