CVE-2023-49257 - Vulnerability Details - OpenCVE

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hongdian	H8951-4g-esp H8951-4g-esp Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.pl/en/posts/2024/01/CVE-2023-49253/
https://cert.pl/posts/2024/01/CVE-2023-49253/

History

Mon, 03 Mar 2025 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-434

Thu, 14 Nov 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 10 Oct 2024 15:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-434

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-12T14:24:32.311Z

Updated: 2025-03-03T17:13:58.456Z

Reserved: 2023-11-24T11:53:46.294Z

Link: CVE-2023-49257

Vulnrichment

Updated: 2024-08-02T21:53:45.304Z

NVD

Status : Modified

Published: 2024-01-12T15:15:09.230

Modified: 2025-03-03T18:15:28.480

Link: CVE-2023-49257

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49257", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-11-24T11:53:46.294Z", "datePublished": "2024-01-12T14:24:32.311Z", "dateUpdated": "2025-03-03T17:13:58.456Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "H8951-4G-ESP", "vendor": "Hongdian", "versions": [{"lessThan": "2310271149", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Robert Pogorzelski (SEQRED)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges."}], "value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges."}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-03-03T17:13:58.456Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"}], "source": {"discovery": "UNKNOWN"}, "title": "Command execution using the certificate upload utility", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:53:45.304Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-23T20:14:25.938625Z", "id": "CVE-2023-49257", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T14:31:31.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:53:45.304Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-23T20:14:25.938625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T14:31:25.795Z"}}], "cna": {"title": "Command execution using the certificate upload utility", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Robert Pogorzelski (SEQRED)"}], "impacts": [{"capecId": "CAPEC-176", "descriptions": [{"lang": "en", "value": "CAPEC-176 Configuration/Environment Manipulation"}]}], "affected": [{"vendor": "Hongdian", "product": "H8951-4G-ESP", "versions": [{"status": "affected", "version": "0", "lessThan": "2310271149", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/posts/2024/01/CVE-2023-49253/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.", "supportingMedia": [{"type": "text/html", "value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2025-03-03T17:13:58.456Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49257", "state": "PUBLISHED", "dateUpdated": "2025-03-03T17:13:58.456Z", "dateReserved": "2023-11-24T11:53:46.294Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-01-12T14:24:32.311Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hongdian:h8951-4g-esp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4391599E-AC50-4409-B8DE-D86CD4EACA35", "versionEndExcluding": "2310271149", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hongdian:h8951-4g-esp:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B44C0C6-3995-43DB-9B49-78110E5E7A43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges."}, {"lang": "es", "value": "Un usuario autenticado puede cargar un archivo arbitrario compatible con CGI utilizando la utilidad de carga de certificados y ejecutarlo con privilegios de usuario root."}], "id": "CVE-2023-49257", "lastModified": "2025-03-03T18:15:28.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T15:15:09.230", "references": [{"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"}, {"source": "cvd@cert.pl", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-49253/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-49253/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}