virus logo Intrusion Prevention

NetModule.NRSW.gnssAutoAlign.php.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit an OS Command Injection Vulnerability in NetModule NRSW web admin interface.
This vulnerability is due to lack of input validation in the application. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the endpoint. Successfully exploiting this vulnerability could result in the execution of arbitrary OS commands with escalated privileges.

affected-products-logoAffected Products

NetModule Router Software (NRSW) 4.3.0.0 to 4.3.0.118
NetModule Router Software (NRSW) 4.4.0.0 to 4.4.0.117
NetModule Router Software (NRSW) 4.6.0.0 to 4.6.0.104
NetModule Router Software (NRSW) 4.7.0.0 to 4.7.0.102

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.netmodule.com/en/products/software-overview/router-software

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2024-04-01 27.758 Default_action:pass:drop
2024-03-20 27.752
ID 54860
Created Mar 12, 2024
Updated Mar 20, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2023-0861
Exploit Prediction Score 0.12%
Default Action drop
Active
Affected OS Other
Affected App PHP_app