How severe is CVE-2023-46306?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.6 out of 10.

What type of vulnerability is CVE-2023-46306?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2023-46306 - MEDIUM Severity | CVSS 6.6

Vulnerability Description

The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.

Related Vulnerabilities

CVE-2018-0643

MEDIUM

CVSS:6.6(Medium)

Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified vect...

CWE-782018

CVE-2019-6013

MEDIUM

CVSS:6.6(Medium)

DBA-1510P firmware 1.70b009 and earlier allows authenticated attackers to execute arbitrary OS commands via Command Line Interface (CLI).

CWE-782019

CVE-2020-7735

MEDIUM

CVSS:6.6(Medium)

The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.

CWE-782020

CVE-2023-47220

MEDIUM

CVSS:6.6(Medium)

An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We...

CWE-782023

CVE-2024-50569

MEDIUM

CVSS:6.6(Medium)

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via craft...

CWE-782024

CVE-2025-23237

MEDIUM

CVSS:6.6(Medium)

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product...

CWE-782025