CVE-2023-0776

HIGH

Baicells Neutrino/Nova 430/436Q < QRTB 2.12.7 - RCE via HTTP Command Injection

Title source: llm

Description

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://baicells.com/Service/Firmware

Scores

CVSS v3 8.1

EPSS 0.0119

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-77 CWE-79

Status published

Products (4)

baicells/neutrino_430_firmware < qrtb_2.12.7

baicells/nova430e_firmware < qrtb_2.12.7

baicells/nova430l_firmware < qrtb_2.12.7

baicells/nova436q_firmware < qrtb_2.12.7

Published Feb 11, 2023

Tracked Since Feb 18, 2026