CVE-2023-5684 – Byzoro Smart S85F Management Platform importexport.php os command injection
https://notcve.org/view.php?id=CVE-2023-5684
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. • https://github.com/Chef003/cve/blob/main/rce.md https://vuldb.com/?ctiid.243061 https://vuldb.com/?id.243061 https://vuldb.com/?submit.219836 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-5683 – Byzoro Smart S85F Management Platform importconf.php os command injection
https://notcve.org/view.php?id=CVE-2023-5683
A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaphetszz/cve/blob/main/upload.md https://vuldb.com/?ctiid.243059 https://vuldb.com/?id.243059 https://vuldb.com/?submit.218590 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-4739 – Byzoro Smart S85F Management Platform updateos.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-4739
A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Meizhi-hua/cve/blob/main/upload_file.md https://vuldb.com/?ctiid.238628 https://vuldb.com/?id.238628 https://vuldb.com/?submit.197572 • CWE-434: Unrestricted Upload of File with Dangerous Type •