CVE-2023-3741

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://https://jpn.nec.com/security-info/secinfo/nv23-011_en.html	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:nec:itk-6dgs-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-6dgs-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:nec:itk-32lcgs-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-32lcgs-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:nec:itk-32tcgs-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-32tcgs-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:nec:itk-6d-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-6d-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:nec:itk-12d-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-12d-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:nec:itk-8lcx-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-8lcx-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:nec:itk-8tcgx-1\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-8tcgx-1\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:nec:itk-6dgs-1a\(bk\)tel:-:*:*:*:*:*:*:*

cpe:2.3:o:nec:itk-6dgs-1a\(bk\)tel_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nec:itk-32lcgs-1a\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32lcgs-1a\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nec:itk-32tcgs-1a\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32tcgs-1a\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nec:itk-6dgs-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-6dgs-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nec:itk-32lcgs-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32lcgs-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nec:itk-32tcgs-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32tcgs-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nec:itk-6d-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-6d-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nec:itk-12d-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-12d-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nec:itk-6dg-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-6dg-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nec:itk-12dg-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-12dg-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:nec:itk-8lcx-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-8lcx-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:nec:itk-8lcg-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-8lcg-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:nec:itk-32lcg-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32lcg-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:nec:itk-8tcgx-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-8tcgx-1p\(bk\)tel:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:nec:itk-32tcg-1p\(bk\)tel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nec:itk-32tcg-1p\(bk\)tel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-30 01:15

Updated : 2023-12-05 01:52

NVD link : CVE-2023-3741

Mitre link : CVE-2023-3741

CVE.ORG link : CVE-2023-3741

JSON object : View

Products Affected

nec

itk-32tcgs-1\(bk\)tel_firmware
itk-32tcgs-1\(bk\)tel
itk-12dg-1p\(bk\)tel_firmware
itk-12d-1\(bk\)tel
itk-8lcg-1p\(bk\)tel
itk-32lcgs-1a\(bk\)tel_firmware
itk-6d-1p\(bk\)tel_firmware
itk-8lcg-1p\(bk\)tel_firmware
itk-32lcgs-1\(bk\)tel_firmware
itk-32tcgs-1p\(bk\)tel
itk-8lcx-1p\(bk\)tel_firmware
itk-6dgs-1a\(bk\)tel
itk-32lcgs-1p\(bk\)tel
itk-8lcx-1\(bk\)tel
itk-6dgs-1p\(bk\)tel
itk-6dgs-1a\(bk\)tel_firmware
itk-32lcgs-1a\(bk\)tel
itk-32tcgs-1p\(bk\)tel_firmware
itk-6dgs-1p\(bk\)tel_firmware
itk-32lcg-1p\(bk\)tel
itk-8lcx-1\(bk\)tel_firmware
itk-8tcgx-1\(bk\)tel
itk-32lcgs-1p\(bk\)tel_firmware
itk-12dg-1p\(bk\)tel
itk-32tcgs-1a\(bk\)tel_firmware
itk-12d-1p\(bk\)tel_firmware
itk-12d-1p\(bk\)tel
itk-6dgs-1\(bk\)tel
itk-32lcg-1p\(bk\)tel_firmware
itk-6dg-1p\(bk\)tel_firmware
itk-8lcx-1p\(bk\)tel
itk-32tcgs-1a\(bk\)tel
itk-12d-1\(bk\)tel_firmware
itk-6d-1\(bk\)tel_firmware
itk-32tcg-1p\(bk\)tel
itk-6d-1\(bk\)tel
itk-6dg-1p\(bk\)tel
itk-6dgs-1\(bk\)tel_firmware
itk-8tcgx-1\(bk\)tel_firmware
itk-32lcgs-1\(bk\)tel
itk-6d-1p\(bk\)tel
itk-8tcgx-1p\(bk\)tel
itk-8tcgx-1p\(bk\)tel_firmware
itk-32tcg-1p\(bk\)tel_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10