Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform licence.php unrestricted upload
CVE-2023-5492

8.8HIGH

Key Information:

Vendor

Byzoro

Status
Smart S45f Multi-service Secure Gateway Intelligent Management Platform
Vendor
CVE Published:
10 October 2023

What is CVE-2023-5492?

A vulnerability exists within the Byzoro Smart S45F Multi-Service Secure Gateway that allows for unrestricted file uploads via the licence.php script. This issue can be exploited remotely, giving an attacker potential access to the system's file upload functionality, which could lead to further attacks or unauthorized access to sensitive data. The vulnerability has been publicly disclosed, and the vendor has been informed but has not responded, making it essential for users of the affected version to take immediate action to mitigate potential threats.

Affected Version(s)

Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928

References

https://vuldb.com/?id.241644
vdb-entrytechnical-description
https://vuldb.com/?ctiid.241644
signaturepermissions-required
https://vuldb.com/?submit.213949
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

llixixioo (VulDB User)
.