CVE-2023-35850 HIGH

CVE-2023-35850: SUNNET WMPro - Command Injection

Vendor Sunnet
Product WMPro
Weakness CWE-78
Published September 18, 2023
Last update September 25, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.

Key dates

02Disclosure timeline

September 18, 2023 CVE published
September 25, 2024 Record updated