CVE-2023-40144 : OS command injection vulnerability in the CBC products allows a remote authentic

OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.

Published 2023-08-23 04:15:11

Updated 2023-08-29 14:34:01

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2023-40144

CBC » Nr4h Firmware » Version: N/A
cpe:2.3:o:cbc:nr4h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr4h » Version: N/A
CBC » Nr8h Firmware » Version: N/A
cpe:2.3:o:cbc:nr8h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr8h » Version: N/A
CBC » Nr16h Firmware » Version: N/A
cpe:2.3:o:cbc:nr16h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr16h » Version: N/A
CBC » Dr-16f42a Firmware » Version: N/A
cpe:2.3:o:cbc:dr-16f42a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-16f42a » Version: N/A
CBC » Dr-16f45at Firmware » Version: N/A
cpe:2.3:o:cbc:dr-16f45at_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-16f45at » Version: N/A
CBC » Dr-8f42a Firmware » Version: N/A
cpe:2.3:o:cbc:dr-8f42a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-8f42a » Version: N/A
CBC » Dr-8f45at Firmware » Version: N/A
cpe:2.3:o:cbc:dr-8f45at_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-8f45at » Version: N/A
CBC » Dr-4fx1 Firmware » Version: N/A
cpe:2.3:o:cbc:dr-4fx1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-4fx1 » Version: N/A
CBC » Dr-16h Firmware » Version: N/A
cpe:2.3:o:cbc:dr-16h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-16h » Version: N/A
CBC » Dr-8h Firmware » Version: N/A
cpe:2.3:o:cbc:dr-8h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-8h » Version: N/A
CBC » Dr-4h Firmware » Version: N/A
cpe:2.3:o:cbc:dr-4h_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-4h » Version: N/A
CBC » Drh8-4m41-a Firmware » Version: N/A
cpe:2.3:o:cbc:drh8-4m41-a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Drh8-4m41-a » Version: N/A
CBC » Nr8-4m71 Firmware » Version: N/A
cpe:2.3:o:cbc:nr8-4m71_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr8-4m71 » Version: N/A
CBC » Nr8-8m72 Firmware » Version: N/A
cpe:2.3:o:cbc:nr8-8m72_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr8-8m72 » Version: N/A
CBC » Nr-16m Firmware » Version: N/A
cpe:2.3:o:cbc:nr-16m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr-16m » Version: N/A
CBC » Nr-16f85-8pra Firmware » Version: N/A
cpe:2.3:o:cbc:nr-16f85-8pra_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr-16f85-8pra » Version: N/A
CBC » Nr-16f82-16p Firmware » Version: N/A
cpe:2.3:o:cbc:nr-16f82-16p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr-16f82-16p » Version: N/A
CBC » Nr-4f Firmware » Version: N/A
cpe:2.3:o:cbc:nr-4f_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr-4f » Version: N/A
CBC » Nr-8f Firmware » Version: N/A
cpe:2.3:o:cbc:nr-8f_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Nr-8f » Version: N/A
CBC » Dr-16m52 Firmware » Version: N/A
cpe:2.3:o:cbc:dr-16m52_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-16m52 » Version: N/A
CBC » Dr-16m52-av Firmware » Version: N/A
cpe:2.3:o:cbc:dr-16m52-av_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-16m52-av » Version: N/A
CBC » Dr-8m52-av Firmware » Version: N/A
cpe:2.3:o:cbc:dr-8m52-av_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-8m52-av » Version: N/A
CBC » Dr-4m51-av Firmware » Version: N/A
cpe:2.3:o:cbc:dr-4m51-av_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: CBC » Dr-4m51-av » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-40144

EPSS FAQ

6.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-40144

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-40144

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-40144

https://ganzsecurity.com/release/1578/digimasterpixelmaster-security-notice

Vendor Advisory

CVEs referencing this url
https://jvn.jp/en/vu/JVNVU92545432/

Third Party Advisory

CVEs referencing this url
https://download.ganzsecurity.pl/

GANZ™ by CBC - Download Portal - [http://download.ganzsecurity.pl/]
Product

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-40144

Products affected by CVE-2023-40144

Exploit prediction scoring system (EPSS) score for CVE-2023-40144

CVSS scores for CVE-2023-40144

CWE ids for CVE-2023-40144

References for CVE-2023-40144