RCE in Bytevalue (Luoyang Baiwei Intelligent Technology Co., Ltd.) Flow Control Router
CVE-2023-7311
BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject a…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.019 (77.5th percentile) — read the EPSS interpretation.
Affected products
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (technical-description, exploit)
- disclosure@vulncheck.com (third-party-advisory)