RCE in Hongdian H8951-4g-esp

CVE-2023-49254

An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interfac…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (27.3th percentile)

Frequently asked questions

What is CVE-2023-49254?
CVE-2023-49254 is a vulnerability in Hongdian H8951-4g-esp, classified under OS Command Injection. Published 2024-01-12.
Is CVE-2023-49254 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.