Command Injection Vulnerability in BYTEVALUE Intelligent Flow Control Router
CVE-2023-7311

9.3CRITICAL

Key Information:

Vendor: Bytevalue (luoyang Baiwei Intelligent Technology Co., Ltd.)
Status: Flow Control Router
Vendor: CVE Published:; 15 October 2025

🔔 Create Bytevalue (luoyang Baiwei Intelligent Technology Co., Ltd.) Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-7311?

The BYTEVALUE Intelligent Flow Control Router is susceptible to a command injection vulnerability through the /goform/webRead/open endpoint. The vulnerability arises because the 'path' parameter lacks proper validation and is directly echoed into a shell context. This flaw enables attackers to inject and execute arbitrary shell commands on the device. If successfully exploited, it may allow for backdoors to be written, privilege escalation on the host, and complete compromise of the router's management functionalities. This vulnerability has garnered attention as it has been targeted by various malicious actors, including the Rondo botnet.

Affected Version(s)

Flow Control Router *

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7311 - Proof of Concept