CVE-2023-0830

MEDIUM

Easynas - Command Injection

Title source: rule

Description

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Exploits (2)

exploitdb WORKING POC

by Ivan Spiridonov · pythonremotehardware

https://www.exploit-db.com/exploits/51266

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by xbz0n · poc

https://github.com/xbz0n/CVE-2023-0830

View Code ZIP pw:eip

References (6)

[Various Sources] https://github.com/xbz0n/CVE-2023-0830

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.220950

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.220950

[Permissions Required, VDB Entry] https://vuldb.com/?submit.86683

[Exploit, Third Party Advisory] https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51266

Scores

CVSS v3 6.3

EPSS 0.3853

EPSS Percentile 97.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-78 CWE-77

Status published

Products (1)

easynas/easynas 1.1.0

Published Feb 14, 2023

Tracked Since Feb 18, 2026