CVE-2023-6576 : A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as

A vulnerability was found in Byzoro S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Published 2023-12-07 21:15:08

Updated 2024-05-17 02:33:47

Source VulDB

View at NVD, CVE.org

Products affected by CVE-2023-6576

Byzoro » Smart S210 Firmware
Versions up to, including, (<=) 2023-11-21
cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Byzoro » Smart S210 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-6576

EPSS FAQ

0.13%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 30 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6576

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	VulDB
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	2.8	3.4	VulDB
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-6576

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2023-6576

https://vuldb.com/?id.247156

CVE-2023-6576: Beijing Baichuo S210 HTTP POST Request uploadfile.php unrestricted upload
Third Party Advisory
https://vuldb.com/?ctiid.247156

CVE-2023-6576: Beijing Baichuo S210 HTTP POST Request uploadfile.php unrestricted upload
Third Party Advisory
https://github.com/willchen0011/cve/blob/main/upload.md

cve/upload.md at main · willchen0011/cve · GitHub
Issue Tracking;Third Party Advisory
https://vuldb.com/?submit.242777

Submit #242777: Beijing Baizhuo Network Technology Co., LTD S210 multi-service security gateway intelligent management platform S210 Any file upload

Jump to

Vulnerability Details : CVE-2023-6576

Products affected by CVE-2023-6576

Exploit prediction scoring system (EPSS) score for CVE-2023-6576

CVSS scores for CVE-2023-6576

CWE ids for CVE-2023-6576

References for CVE-2023-6576