CVE-2023-0862
HIGHNetmodule Router Software < 4.3.0.119 - Path Traversal
Title source: ruleDescription
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
References (2)
Core 2
Core References
Third Party Advisory
https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/
Release Notes, Vendor Advisory
https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf
Scores
CVSS v3
7.2
EPSS
0.0235
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
netmodule/netmodule_router_software
4.3.0.0 - 4.3.0.119
Published
Feb 16, 2023
Tracked Since
Feb 18, 2026