{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1097", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "state": "PUBLISHED", "assignerShortName": "Baicells", "dateReserved": "2023-02-28T17:35:19.554Z", "datePublished": "2023-03-01T19:29:26.456Z", "dateUpdated": "2025-03-07T15:53:21.691Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["BCE"], "product": "EG7035-M11", "vendor": "Baicells", "versions": [{"changes": [{"at": "BaiCE_BM_2.5.26", "status": "unaffected"}], "lessThanOrEqual": " BCE-ODU-1.0.8", "status": "affected", "version": "0", "versionType": "patch"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. "}], "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. "}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lionel Musonza"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Security Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.<br></span><br><br></p><br>"}], "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-108", "descriptions": [{"lang": "en", "value": "CAPEC-108 Command Line Execution through SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": " CWE-94: Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2023-03-01T19:29:26.456Z"}, "references": [{"tags": ["patch", "release-notes"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"tags": ["patch"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade&nbsp;their product to the BaiCE_BM_2.5.26&nbsp;firmware.</p><br>"}], "value": "Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade\u00a0their product to the BaiCE_BM_2.5.26\u00a0firmware.\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthenticated Command Injection EG7035-M11 Series", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.398Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "release-notes", "x_transferred"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"tags": ["patch", "x_transferred"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T15:53:08.611371Z", "id": "CVE-2023-1097", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T15:53:21.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756", "tags": ["patch", "release-notes", "x_transferred"]}, {"url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:32:46.398Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1097", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-07T15:53:08.611371Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T15:53:18.405Z"}}], "cna": {"title": "Unauthenticated Command Injection EG7035-M11 Series", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Lionel Musonza"}, {"lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Baicells Security Team"}], "impacts": [{"capecId": "CAPEC-108", "descriptions": [{"lang": "en", "value": "CAPEC-108 Command Line Execution through SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Baicells", "product": "EG7035-M11", "versions": [{"status": "affected", "changes": [{"at": "BaiCE_BM_2.5.26", "status": "unaffected"}], "version": "0", "versionType": "patch", "lessThanOrEqual": " BCE-ODU-1.0.8"}], "platforms": ["BCE"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade\u00a0their product to the BaiCE_BM_2.5.26\u00a0firmware.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Baicells recommends that all customers currently running an earlier version of BCE-ODU-1.0.8 upgrade&nbsp;their product to the BaiCE_BM_2.5.26&nbsp;firmware.</p><br>", "base64": false}]}], "references": [{"url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756", "tags": ["patch", "release-notes"]}, {"url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(255, 255, 255);\">Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.<br></span><br><br></p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": " CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "configurations": [{"lang": "en", "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. ", "supportingMedia": [{"type": "text/html", "value": "CPE would need to be configured and running on BCE-ODU-1.0.8 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. ", "base64": false}]}], "providerMetadata": {"orgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "shortName": "Baicells", "dateUpdated": "2023-03-01T19:29:26.456Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1097", "state": "PUBLISHED", "dateUpdated": "2025-03-07T15:53:21.691Z", "dateReserved": "2023-02-28T17:35:19.554Z", "assignerOrgId": "084566ad-deee-4e89-acff-6b7b1bf9d4b7", "datePublished": "2023-03-01T19:29:26.456Z", "assignerShortName": "Baicells"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36273B84-D85D-43E1-92E2-B30F5C68E989", "versionEndIncluding": "bce-odu-1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*", "matchCriteriaId": "3EA6185C-6193-4821-823C-7C6BF54208B9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}], "id": "CVE-2023-1097", "lastModified": "2024-11-21T07:38:27.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@baicells.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-01T20:15:11.073", "references": [{"source": "security@baicells.com", "tags": ["Release Notes"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"source": "security@baicells.com", "tags": ["Product"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin"}], "sourceIdentifier": "security@baicells.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@baicells.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}