{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-0862","assignerOrgId":"2d533b80-6e4a-4e20-93e2-171235122846","state":"PUBLISHED","assignerShortName":"ONEKEY","dateReserved":"2023-02-16T09:01:36.192Z","datePublished":"2023-02-16T09:07:09.930Z","dateUpdated":"2025-03-18T14:50:42.840Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["web administration interface"],"product":"NSRW","vendor":"NetModule","versions":[{"lessThan":"4.3.0.119","status":"affected","version":"4.3.0.0","versionType":"4.3.0.119"},{"lessThan":"4.4.0.118","status":"affected","version":"4.4.0.0","versionType":"4.4.0.118"},{"lessThan":"4.6.0.105","status":"affected","version":"4.6.0.0","versionType":"4.6.0.105"},{"lessThan":"4.7.0.103","status":"affected","version":"4.7.0.0","versionType":"4.7.0.103"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Quentin Kaiser from ONEKEY Research Labs"}],"datePublic":"2023-02-16T09:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.<br><br>This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.<br>"}],"value":"The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges.\n\nThis issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.\n"}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"2d533b80-6e4a-4e20-93e2-171235122846","shortName":"ONEKEY","dateUpdated":"2023-02-21T08:24:22.762Z"},"references":[{"url":"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf"},{"url":"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/"}],"source":{"discovery":"EXTERNAL"},"title":"Path Traversal in NetModule NSRW","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:24:34.659Z"},"title":"CVE Program Container","references":[{"url":"https://share.netmodule.com/public/system-software/4.7/4.7.0.103/NRSW-RN-4.7.0.103.pdf","tags":["x_transferred"]},{"url":"https://onekey.com/blog/security-advisory-netmodule-multiple-vulnerabilities/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-18T14:50:33.476944Z","id":"CVE-2023-0862","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-18T14:50:42.840Z"}}]}}