CVE-2023-1082

Summary

An remote attacker with low privileges can perform a command injection which can lead to root access.

Affected Software

VendorProductVersion RangeStatus
WelotecTK515L0 < v2.3.0.r5542affected
WelotecTK515L Set0 < v2.3.0.r5542affected
WelotecTK515L-W0 < v2.3.0.r5542affected
WelotecTK515L-W Set0 < v2.3.0.r5542affected
WelotecTK525L0 < v2.3.0.r5542affected
WelotecTK525L Set0 < v2.3.0.r5542affected
WelotecTK525L-W0 < v2.3.0.r5542affected
WelotecTK525L-W Set0 < v2.3.0.r5542affected
WelotecTK525U0 < v2.3.0.r5542affected
WelotecTK525U Set0 < v2.3.0.r5542affected
WelotecTK525W0 < v2.3.0.r5542affected
WelotecTK525W Set0 < v2.3.0.r5542affected
WelotecTK535L10 < v2.3.0.r5542affected
WelotecTK535L1 Set0 < v2.3.0.r5542affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References