CVE-2023-0861 HIGH

CVE-2023-0861: Authenticated Command Injection in NetModule NSRW

Vendor Netmodule

Product NSRW

Weakness CWE-77

Published February 16, 2023

Last update March 18, 2025

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Key dates

02Disclosure timeline

February 16, 2023 CVE published

March 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0861 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/77.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0861

CWE CWE-77

CVSS 7.2 / HIGH

Affected versions

Vendor Netmodule

Product NSRW

Affected ≥ 4.3.0.0 and < 4.3.0.119

Vendor Netmodule

Product NSRW

Affected ≥ 4.4.0.0 and < 4.4.0.118

Vendor Netmodule

Product NSRW

Affected ≥ 4.6.0.0 and < 4.6.0.105

Vendor Netmodule

Product NSRW

Affected ≥ 4.7.0.0 and < 4.7.0.103

CVE-2023-0861: Authenticated Command Injection in NetModule NSRW

01Description

02Disclosure timeline

03References

04Related CVE