CVE-2023-24508 : Security Advisory and Response

Discover the impact of CVE-2023-24508 on Baicells Nova LTE TDD eNodeB devices, allowing remote code execution via HTTP command injections. Mitigate with firmware update to version 3.7.11.6.

This CVE record discusses a vulnerability in Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB, and Nova 246 devices with firmware through RTS/RTD 3.6.6, which can be exploited for remote shell code execution via HTTP command injections.

Understanding CVE-2023-24508

This section delves deeper into the details surrounding CVE-2023-24508.

What is CVE-2023-24508?

Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB, and Nova 246 devices with firmware through RTS/RTD 3.6.6 are susceptible to remote shell code exploitation through HTTP command injections. The vulnerability allows commands to be executed pre-login with root permissions, making it exploitable by unauthorized users.

The Impact of CVE-2023-24508

The impact of this vulnerability is significant as it can lead to remote code execution, potentially enabling attackers to compromise the affected devices, execute malicious commands, and gain unauthorized access with elevated privileges.

Technical Details of CVE-2023-24508

This section provides technical insights into CVE-2023-24508 and how it can affect systems and versions.

Vulnerability Description

The vulnerability allows remote shell code exploitation through HTTP command injections, enabling malicious actors to execute commands pre-login with root permissions.

Affected Systems and Versions

Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB, and Nova 246 devices with firmware through RTS/RTD 3.6.6 are impacted by this vulnerability.

Exploitation Mechanism

To exploit this vulnerability, the affected device must be configured and running on 3.6.6 firmware or older and be accessible on the internal or public network. Enabling the Web interface opens the path for exploitation through the described method.

Mitigation and Prevention

In this section, you will find essential steps to mitigate and prevent the CVE-2023-24508 vulnerability.

Immediate Steps to Take

Users are advised to upgrade their devices to firmware version 3.7.11.6 to eliminate the vulnerability and protect against remote code execution.

Long-Term Security Practices

Implementing regular firmware updates, conducting security audits, and minimizing network exposure can help enhance the overall security posture of Baicells Nova devices.

Patching and Updates

Baicells recommends that all customers running an earlier version of RTS/RTD firmware upgrade their products to version 3.7.11.6 to address the vulnerability and improve system security.
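One way to triage a device inventory against the version bounds in this advisory, as an added example that is not part of the advisory or Baicells tooling. The CSV column names, hostnames, the firmware string format (`RTS 3.6.6`), and the non-listed model name are constructed assumptions.

```python
import csv
import io
import re

# Values taken from the advisory text.
AFFECTED_MODELS = {"Nova 227", "Nova 233", "Nova 243", "Nova 246"}
LAST_AFFECTED = (3, 6, 6, 0)   # "firmware through RTS/RTD 3.6.6"
FIXED = (3, 7, 11, 6)          # recommended upgrade target

# Constructed inventory; hostnames, column names and string formats are assumptions.
INVENTORY_CSV = """host,model,firmware,web_ui
enb-01,Nova 227,RTS 3.6.6,enabled
enb-02,Nova 233,RTD 3.7.11.6,enabled
enb-03,Nova 243,RTS 3.7.5,disabled
enb-04,Nova 246,RTD 3.4.8,disabled
enb-05,ExampleCell 100,RTS 3.6.6,enabled
enb-06,Nova 227,unknown,enabled
"""

def parse_version(text):
    """Extract a dotted version and pad it to four numeric fields."""
    match = re.search(r"\d+(?:\.\d+)+", text)
    if not match:
        return None
    parts = [int(p) for p in match.group().split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(row):
    """Classify one inventory row against the advisory's version bounds."""
    if row["model"].strip() not in AFFECTED_MODELS:
        return "model-not-listed"
    version = parse_version(row["firmware"])
    if version is None:
        return "verify-manually"       # never assume an unreadable version is safe
    if version >= FIXED:
        return "fixed"
    if version <= LAST_AFFECTED:
        # Advisory: an enabled web interface opens the exploitation path.
        exposed = row["web_ui"].strip().lower() == "enabled"
        return "affected-web-ui-on" if exposed else "affected"
    return "upgrade-recommended"       # between 3.6.6 and 3.7.11.6

def report(csv_text=INVENTORY_CSV):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: triage(row) for row in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Rows marked `affected-web-ui-on` are the ones to upgrade or isolate first; `verify-manually` rows need the firmware version confirmed on the device itself.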
