What is CVE-2023-31446?

CVE-2023-31446 is a vulnerability in N/a. Published 2024-01-10.

Is CVE-2023-31446 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-31446

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

EPSS: 0.917 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution
nomi-sec/PoC-in-GitHub

References

www.cassianetworks.com
github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution
blog.kscsc.online/cves/202331446/md.html

Frequently asked questions

What is CVE-2023-31446?: CVE-2023-31446 is a vulnerability in N/a. Published 2024-01-10.
Is CVE-2023-31446 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.