CVE-2023-24508
published 2023-01-26CVE-2023-24508: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code…
PriorityP357critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
EPSS
1.64%
73.5th percentile
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| baicells | nova_227 | <= 3.6.6 | — |
| baicells | nova_233 | <= 3.6.6 | — |
| baicells | nova_246 | <= 3.6.6 | — |
| baicells | rtd_firmware | < 3.7.11.6 | 3.7.11.6 |
| baicells | rts_firmware | < 3.7.11.6 | 3.7.11.6 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Baicells Nova
cisa_ics·2023-02-02·CVSS 8.1
[HIGH] Baicells Nova
ICS Advisory
##
Baicells Nova
Release DateFebruary 02, 2023
Alert CodeICSA-23-033-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Baicells Technologies
- Equipment: Nova
- Vulnerability: Command Injection
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
Baicells reports this vulnerability affects the following Nova LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6:
- Nova 227
- Nova 233
- Nova 243
- Nova 246
## 3.2 VULNERABILITY OVERVIEW
3.2.1 COMMAND INJECTION CWE-77
Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with firmware throu
GHSA
GHSA-ggfg-pcqp-37x5: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3
ghsa_unreviewed·2023-01-26
CVE-2023-24508 [CRITICAL] CWE-79 GHSA-ggfg-pcqp-37x5: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMGhttps://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdfhttps://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6.IMG.IMGhttps://img.baicells.com//Upload/20230118/FILE/BaiBS_RTS_3.7.11.6_Changelog.PDF.pdf
2023-01-26
Published