A vulnerability classified as critical was found in Cassia Gateway XC1000_2.1.1.2303082218/XC2000_2.1.1.2303090947. This vulnerability affects some unknown functionality of the file /bypass/config. The manipulation of the argument queueUrl with an unknown input leads to a os command injection vulnerability. The CWE definition for the vulnerability is CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

The weakness was published 01/10/2024. The advisory is available at github.com. This vulnerability was named CVE-2023-31446 since 04/28/2023. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 01/27/2024). This vulnerability is assigned to T1202 by the MITRE ATT&CK project.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Vendor

• Cassia

Name

• Gateway

Version

• XC1000_2.1.1.2303082218
• XC2000_2.1.1.2303090947

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion