CVE-2023-0862 HIGH

CVE-2023-0862: Path Traversal in NetModule NSRW

Vendor Netmodule
Product NSRW
Weakness CWE-22 · Path traversal
Published February 16, 2023
Last update March 18, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.

Key dates

02Disclosure timeline

February 16, 2023 CVE published
March 18, 2025 Record updated