exploitDog

CVE-2023-3991

Опубликовано: 16 окт. 2023

Источник: nvd

CVSS3: 10

CVSS3: 9.8

EPSS Низкий

Описание

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

Ссылки

https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html
Third Party Advisory
https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:freshtomato:freshtomato:2023.3:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01281

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-g95v-666p-2m3x

CVSS3: 10

github

больше 2 лет назад

An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.

EPSS

Процентиль: 79%

0.01281

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78