nvd-json-data-feeds/CVE-2023/CVE-2023-413xx/CVE-2023-41352.json

{
  "id": "CVE-2023-41352",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-11-03T06:15:07.313",
  "lastModified": "2023-11-13T19:31:25.810",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
    },
    {
      "lang": "es",
      "value": "Chunghwa Telecom NOKIA G-040W-Q tiene una vulnerabilidad de filtrado insuficiente para la entrada del usuario. Un atacante remoto con privilegios de administrador puede aprovechar esta vulnerabilidad para realizar un ataque de inyecci\u00f3n de comandos para ejecutar comandos arbitrarios, interrumpir el sistema o finalizar servicios."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      },
      {
        "source": "twcert@cert.org.tw",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    },
    {
      "source": "twcert@cert.org.tw",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:nokia:g-040w-q_firmware:g040wqr201207:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44938DD-B7A2-4D58-8B61-AE64C62A3E83"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:nokia:g-040w-q:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61B9373-5B22-4C83-9781-FCFEB29BB3DB"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.twcert.org.tw/tw/cp-132-7502-287ec-1.html",
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}