CVE-2023-46510
CRITICALZIONCOM A7000R Firmware 4.1cu.4154 - OS Command Injection via cstecgi.cgi Password Configuration
Title source: llmDescription
An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.
References (1)
Core 1
Core References
Third Party Advisory
https://gist.github.com/ATonysan/58ace23d539981441bca16ce0f7585e2
Scores
CVSS v3
9.8
EPSS
0.0077
EPSS Percentile
50.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
zioncom/a7000r_firmware
4.1cu.4154
Published
Oct 27, 2023
Tracked Since
Feb 18, 2026