CVE-2023-46681
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.
La neutralización incorrecta de delimitadores de argumentos en una vulnerabilidad de comando ('Inyección de argumentos') en la versión del firmware VR-S1000. 2.37 y anteriores permiten que un atacante autenticado que pueda acceder a la interfaz de línea de comandos del producto ejecute un comando arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-25 CVE Reserved
- 2023-12-26 CVE Published
- 2023-12-26 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN23771490 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.buffalo.jp/news/detail/20231225-01.html | 2024-01-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Buffalo Search vendor "Buffalo" | Vr-s1000 Firmware Search vendor "Buffalo" for product "Vr-s1000 Firmware" | <= 2.37 Search vendor "Buffalo" for product "Vr-s1000 Firmware" and version " <= 2.37" | - |
Affected
| in | Buffalo Search vendor "Buffalo" | Vr-s1000 Search vendor "Buffalo" for product "Vr-s1000" | - | - |
Safe
|