CVE-2023-7311
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bytevalue | intelligent_flow_control_router | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-7311 is a critical command injection vulnerability in BYTEVALUE Intelligent Flow Control Routers. It occurs because the 'path' parameter in the /goform/webRead/open endpoint is not properly validated and is directly used in a shell command context. This flaw allows an attacker to inject and execute arbitrary shell commands on the router, potentially leading to full compromise of the device and its management functions. [1, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to an attacker writing backdoors on the router, escalating privileges on the host system, and fully compromising the router and its management functions. This means an attacker could take complete control of the device, potentially using it as part of a botnet or to launch further attacks within your network. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for attempts to access the /goform/webRead/open endpoint with suspicious or unusual 'path' parameter values that may contain shell command injection payloads. Network monitoring tools can be used to detect HTTP requests targeting this endpoint. Additionally, scanning tools like Nuclei have proof-of-concept templates available to detect this vulnerability automatically. For manual detection, you can use curl or wget commands to test the endpoint with benign inputs and observe the response. Example command to test the endpoint: curl -v 'http://<router-ip>/goform/webRead/open?path=.' Monitoring logs for unexpected shell commands or unusual outbound connections from the router may also indicate exploitation attempts. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /goform/webRead/open endpoint by implementing network-level controls such as firewall rules to block external access to the router's management interface. Change any default or weak passwords to strong, unique credentials to prevent brute force attacks. Monitor network traffic for signs of exploitation attempts, such as unusual outbound connections or downloads of suspicious scripts like 'bruh.sh'. If possible, isolate the affected device from the network until a patch or firmware update is available. Since no official patch is mentioned, consider disabling the vulnerable service or endpoint if the router's configuration allows it. [1, 3]