What is CVE-2023-4120?

CVE-2023-4120 is a medium-severity vulnerability in Byzoro Smart S85f Management Platform, classified under Command Injection. CVSS score: 6.3/10. Published 2023-08-03.

How severe is CVE-2023-4120?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2023-4120 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Byzoro Smart S85f Management Platform

CVE-2023-4120

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command inje…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.628 (98.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Byzoro Smart S85f Management Platform — versions 20230722

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

References

VDB-235967 | Byzoro Smart S85F Management Platform importhtml.php command injection (vdb-entry, technical-description)
VDB-235967 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #185751 | The Smart S85F management platform has an rce vulnerability (third-party-advisory)
github.com/RCEraser/cve/blob/main/rce.md (exploit)

Frequently asked questions

What is CVE-2023-4120?: CVE-2023-4120 is a medium-severity vulnerability in Byzoro Smart S85f Management Platform, classified under Command Injection. CVSS score: 6.3/10. Published 2023-08-03.
How severe is CVE-2023-4120?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2023-4120 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.