A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.246130 | Third Party Advisory |
https://vuldb.com/?id.246130 | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Dec 2023, 19:25
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
First Time |
Tecno-mobile
Tecno-mobile tr118 Firmware Tecno-mobile tr118 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
CPE | cpe:2.3:h:tecno-mobile:tr118:-:*:*:*:*:*:*:* cpe:2.3:o:tecno-mobile:tr118_firmware:tr118-m30e-rr-d-enfrarswhapo-op-v008-20220830:*:*:*:*:*:*:* |
|
References | () https://vuldb.com/?id.246130 - Third Party Advisory | |
References | () https://drive.google.com/file/d/1DUSlAxTbNLBdv1aLUAn-tDMu6Z1rHYH8/view - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.246130 - Third Party Advisory |
27 Nov 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-27 01:15
Updated : 2024-04-11 01:23
NVD link : CVE-2023-6304
Mitre link : CVE-2023-6304
CVE.ORG link : CVE-2023-6304
JSON object : View
Products Affected
tecno-mobile
- tr118
- tr118_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')