How severe is CVE-2023-6304?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-6304?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2023-6304 - HIGH Severity | CVSS 8

Vulnerability Description

A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The manipulation of the argument url leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-246130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2015-5018

HIGH

CVSS:8.0(High)

IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS commands...

CWE-782015

CVE-2017-2183

HIGH

CVSS:8.0(High)

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

CWE-782017

CVE-2018-16216

HIGH

CVSS:8.0(High)

A command injection (missing input validation, escaping) in the monitoring or memory status web interface in AudioCodes 405HD (firmware 2.2.12) VoIP phone allows an authenticated remote attacker in th...

CWE-782018

CVE-2018-19977

HIGH

CVSS:8.0(High)

A command injection (missing input validation, escaping) in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker (simple...

CWE-782018

CVE-2018-21101

HIGH

CVSS:8.0(High)

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

CWE-782018

CVE-2019-11539

HIGH

CVSS:8.0(High)

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX be...

CWE-782019