CVE-2023-4873 MEDIUM

CVE-2023-4873: Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php os command injection

Vendor Byzoro

Product Smart S45F Multi-Service Secure Gateway Intelligent Management Platform

Weakness CWE-78

Published September 10, 2023

Last update June 25, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability.

Key dates

02Disclosure timeline

September 10, 2023 CVE published

June 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-4873 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2023-4873

CWE CWE-78

CVSS 6.3 / MEDIUM

Affected versions