cbcvebase.
CVE-2023-0862
published 2023-02-16

CVE-2023-0862: The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading…

PriorityP358high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
2.35%
81.6th percentile
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Affected

9 ranges
VendorProductVersion rangeFixed in
netmodulenetmodule_router_software< 4.6.0.1054.6.0.105
netmodulenetmodule_router_software>= 4.3.0.0 < 4.3.0.1194.3.0.119
netmodulenetmodule_router_software>= 4.4.0.0 < 4.4.0.1184.4.0.118
netmodulenetmodule_router_software>= 4.6.0.0 < 4.6.0.1054.6.0.105
netmodulenetmodule_router_software>= 4.7.0.0 < 4.7.0.1034.7.0.103
netmodulensrw>= 4.3.0.0 < 4.3.0.1194.3.0.119
netmodulensrw>= 4.4.0.0 < 4.4.0.1184.4.0.118
netmodulensrw>= 4.6.0.0 < 4.6.0.1054.6.0.105
netmodulensrw>= 4.7.0.0 < 4.7.0.1034.7.0.103
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.