CVE-2023-27826

SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
seowonintechswc-5100w_firmware
1.9.9.4
seowonintechswc-5100w_firmware
1.11.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://pastebin.com/raw/buhVV7iL
https://usermanual.wiki/SEOWON-INTECH/SWC5100W
https://www.exploit-db.com/exploits/51311
https://pastebin.com/raw/buhVV7iL
https://usermanual.wiki/SEOWON-INTECH/SWC5100W
https://www.exploit-db.com/exploits/51311