CVE-2023-53908

HIGH

HiSecOS 04.0.01 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53908. PoCs published by dreizehnutters.

AI-analyzed exploit summary: This exploit leverages an XML-based privilege escalation vulnerability in HiSecOS by modifying the user's access role to admin (role ID 15) via a crafted RPC payload. It requires valid credentials and sends an authenticated POST request to the target's management interface.

Description

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.

Exploits (1)

exploitdb WORKING POC
by dreizehnutters · bash · webapps · hardware
https://www.exploit-db.com/exploits/51537

Classification
Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: HiSecOS-04.0.01 or lower
Auth required
Prerequisites: valid username and password · network access to the target's management interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0002
EPSS Percentile 4.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-269
Status published
Products (1)
Belden/HiSecOS 04.0.01
Published Dec 17, 2025
Tracked Since Feb 18, 2026