cbcvebase.
CVE-2023-24508
published 2023-01-26

CVE-2023-24508: Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code…

PriorityP357critical9.6CVSS 3.1
AVNACLPRNUIRSCCHIHAH
EPSS
1.64%
73.5th percentile
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Affected

5 ranges
VendorProductVersion rangeFixed in
baicellsnova_227<= 3.6.6
baicellsnova_233<= 3.6.6
baicellsnova_246<= 3.6.6
baicellsrtd_firmware< 3.7.11.63.7.11.6
baicellsrts_firmware< 3.7.11.63.7.11.6
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.