CVE-2023-4121 : A vulnerability was found in Byzoro Smart S85F Management Platform up to 2023072

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published 2023-08-03 10:15:10

Updated 2024-05-17 02:31:21

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2023-4121

Byzoro » Smart S85f
Versions up to, including, (<=) 20230722
cpe:2.3:a:byzoro:smart_s85f:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-4121

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-4121

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	VulDB
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB	2024-02-29
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-4121

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2023-4121

https://vuldb.com/?submit.185755

Submit #185755: A file upload vulnerability exists in the database management of the Smart S85F management platform
https://github.com/torres14852/cve/blob/main/upload.md

cve/upload.md at main · torres14852/cve · GitHub
Exploit;Third Party Advisory
https://vuldb.com/?id.235968

CVE-2023-4121: Beijing Baichuo Smart S85F Management Platform unrestricted upload
Third Party Advisory;VDB Entry
https://vuldb.com/?ctiid.235968

Permissions Required;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2023-4121

Products affected by CVE-2023-4121

Exploit prediction scoring system (EPSS) score for CVE-2023-4121

CVSS scores for CVE-2023-4121

CWE ids for CVE-2023-4121

References for CVE-2023-4121