CVE-2023-49257

CVE-2023-49257: Command execution using the certificate upload utility

Vendor Hongdian
Product H8951-4G-ESP
Weakness CWE-732
Published January 12, 2024
Last update June 11, 2025

CVSS base score

What the vulnerability does

01Description

An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 11, 2025 Record updated