Byzoro Smart S80 PHP File updatelib.php unrestricted upload
CVE-2023-6274

9.8 CRITICAL

Key Information:

Vendor: Byzoro

Status
Vendor
CVE Published: 24 November 2023

What is CVE-2023-6274?

A vulnerability in the Byzoro Smart S80 lets an unauthorized user abuse the file upload functionality of a PHP file handler. The flaw resides in the file /sysmanage/updatelib.php, where inadequate validation allows remote attackers to upload malicious files without restriction, which can lead to exploitation of the system. The issue was publicly disclosed, and the vendor was notified but has not responded regarding mitigation.

Affected Version(s)

Smart S80 20231108

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

CAr01 (VulDB User)