Search criteria
2 vulnerabilities found for vw2100_firmware by adslr
CVE-2023-31746 (GCVE-0-2023-31746)
Vulnerability from nvd – Published: 2023-06-14 00:00 – Updated: 2025-01-06 16:35
VLAI
Summary
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:34:32.981342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:35:18.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31746",
"datePublished": "2023-06-14T00:00:00.000Z",
"dateReserved": "2023-04-29T00:00:00.000Z",
"dateUpdated": "2025-01-06T16:35:18.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31746 (GCVE-0-2023-31746)
Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2025-01-06 16:35
VLAI
Summary
There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:56:35.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-31746",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-06T16:34:32.981342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T16:35:18.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf"
},
{
"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-31746",
"datePublished": "2023-06-14T00:00:00.000Z",
"dateReserved": "2023-04-29T00:00:00.000Z",
"dateUpdated": "2025-01-06T16:35:18.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}