{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0830","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-02-14T16:12:10.052Z","datePublished":"2023-02-14T16:13:43.586Z","dateUpdated":"2025-05-01T15:10:33.281Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-05-01T15:10:33.281Z"},"title":"EasyNAS backup.pl system os command injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-78","lang":"en","description":"OS Command Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-77","lang":"en","description":"Command Injection"}]}],"affected":[{"vendor":"n/a","product":"EasyNAS","versions":[{"version":"1.1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component."},{"lang":"de","value":"Es wurde eine kritische Schwachstelle in EasyNAS 1.1.0 entdeckt. Es betrifft die Funktion system der Datei /backup.pl. Durch Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2023-02-14T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-02-14T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-02-14T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-05-01T17:15:28.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"xbz0n (VulDB User)","type":"reporter"},{"lang":"en","value":"xbz0n (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.220950","name":"VDB-220950 | EasyNAS backup.pl system os command injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.220950","name":"VDB-220950 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.86683","name":"Submit #86683 | EasyNAS 1.1.0 - Authenticated OS Command Injection","tags":["third-party-advisory"]},{"url":"https://github.com/xbz0n/CVE-2023-0830","tags":["exploit"]},{"url":"https://www.exploit-db.com/exploits/51266","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:24:34.584Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.220950","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.220950","tags":["signature","permissions-required","x_transferred"]},{"url":"https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690","tags":["exploit","x_transferred"]}]}]}}