CVE-2023-3741

Summary

An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device.

Affected Software

VendorProductVersion RangeStatus
NEC Platforms, LtdITK-6DGS-1(BK) TELall versionsaffected
NEC Platforms, LtdITK-32LCGS-1(BK) TELall versionsaffected
NEC Platforms, LtdITK-32TCGS-1(BK) TELall versionsaffected
NEC Platforms, LtdITK-6D-1(BK)TELall versionsaffected
NEC Platforms, LtdITK-12D-1(BK)TELall versionsaffected
NEC Platforms, LtdITK-8LCX-1(BK)TELall versionsaffected
NEC Platforms, LtdITK-8TCGX-1(BK)TELall versionsaffected
NEC Platforms, LtdITK-6DGS-1A(BK) TELall versionsaffected
NEC Platforms, LtdITK-32LCGS-1A(BK) TELall versionsaffected
NEC Platforms, LtdITK-32TCGS-1A(BK) TELall versionsaffected
NEC Platforms, LtdITK-6DGS-1P(BK) TELall versionsaffected
NEC Platforms, LtdITK-32LCGS-1P(BK) TELall versionsaffected
NEC Platforms, LtdITK-32TCGS-1P(BK) TELall versionsaffected
NEC Platforms, LtdITK-6D-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-12D-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-6DG-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-12DG-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-8LCX-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-8LCG-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-32LCG-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-8TCGX-1P(BK)TELall versionsaffected
NEC Platforms, LtdITK-32TCG-1P(BK)TELall versionsaffected

Weaknesses

  • CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References