Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform web.php unrestricted upload
CVE-2023-5493

8.8HIGH

Key Information:

Vendor

Byzoro

Status
Smart S45f Multi-service Secure Gateway Intelligent Management Platform
Vendor
CVE Published:
10 October 2023

What is CVE-2023-5493?

A vulnerability exists within the Byzoro Smart S45F Multi-Service Secure Gateway's web.php file, allowing an attacker to exploit unrestricted file uploads. This weakness can be exploited remotely, enabling malicious users to upload arbitrary files to the system. If successfully exploited, it could lead to severe consequences such as unauthorized access and potential system compromise. The vulnerability has been publicly disclosed, motivating swift action to mitigate risks associated with this flaw; however, the vendor has not yet provided any feedback following the initial notification about the issue.

Affected Version(s)

Smart S45F Multi-Service Secure Gateway Intelligent Management Platform 20230928

References

https://vuldb.com/?id.241645
vdb-entrytechnical-description
https://vuldb.com/?ctiid.241645
signaturepermissions-required
https://vuldb.com/?submit.213951
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

llixixioo (VulDB User)
.