CVE-2023-0776 HIGH

CVE-2023-0776: Remote Code Execution in Baicells QRTB Platform

Vendor Baicells

Product Nova 436Q

Weakness CWE-79 · XSS

Published February 10, 2023

Last update March 24, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce.

Key dates

02Disclosure timeline

February 10, 2023 CVE published

March 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0776 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0776

CWE CWE-79

CVSS 8.1 / HIGH

Affected versions

Vendor Baicells

Product Nova 436Q

Affected ≤ 2.12.7

Vendor Baicells

Product Nova 430E

Affected ≤ 2.12.7

Vendor Baicells

Product Nova 430I

Affected ≤ 2.12.7

Vendor Baicells

Product Neutrino 430

Affected ≤ 2.12.7

CVE-2023-0776: Remote Code Execution in Baicells QRTB Platform

01Description

02Disclosure timeline

03References

04Related CVE