Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform userattestation.php unrestricted upload
CVE-2023-5490

8.8HIGH

Key Information:

Vendor

Byzoro

Status
Smart S45f Multi-service Secure Gateway Intelligent Management Platform
Vendor
CVE Published:
10 October 2023

What is CVE-2023-5490?

A vulnerability recognized in the Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform allows an attacker to exploit an issue within the userattestation.php file. By manipulating the 'web_img' parameter, an unauthorized user can achieve unrestricted file uploads. This security flaw is particularly concerning as it enables remote exploitation. Despite early notifications sent to the vendor, there has been no response regarding remedial actions. The vulnerability has been publicly disclosed, and users are advised to be vigilant.

Affected Version(s)

Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928

References

https://vuldb.com/?id.241642
vdb-entrytechnical-description
https://vuldb.com/?ctiid.241642
signaturepermissions-required
https://vuldb.com/?submit.213947
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

llixixioo (VulDB User)
.