Byzoro Smart S85F Management Platform importconf.php os command injection
CVE-2023-5683

9.8CRITICAL

Key Information:

Vendor

Byzoro

Status
Smart S85f Management Platform
Vendor
CVE Published:
21 October 2023

What is CVE-2023-5683?

A vulnerability exists in the Byzoro Smart S85F Management Platform that allows for OS command injection through improper handling of the 'btn_file_renew' parameter in the '/sysmanage/importconf.php' file. This flaw can be exploited remotely, potentially allowing attackers to execute arbitrary commands on the server. The vulnerability has been publicly disclosed, raising concerns about the security of affected installations, as the vendor has not responded to early disclosure communications.

Affected Version(s)

Smart S85F Management Platform 20231010

References

https://vuldb.com/?id.243059
vdb-entrytechnical-description
https://vuldb.com/?ctiid.243059
signaturepermissions-required
https://vuldb.com/?submit.218590
third-party-advisory

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Y4ph3tS (VulDB User)
.