Back to search
CVE-2023-49254
Published: Jan 12, 2024
Modified: Jun 20, 2025
PUBLISHED
Description
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.
| Vendor | Product | Versions |
|---|---|---|
Hongdian | H8951-4G-ESP | affected 0 - < 2310271149 |
Weaknesses (CWE)
References
https://cert.pl/en/posts/2024/01/CVE-2023-49253/
third-party-advisory
https://cert.pl/posts/2024/01/CVE-2023-49253/
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now