CVE-2023-31746

{"id": "CVE-2023-31746", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-06-14T21:15:09.610", "references": [{"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/1/VW2100_RCE1.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/2/VW2100_RCE2.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/3/VW2100_RCE3.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/D2y6p/CVE/blob/main/adslr/CVE-2023-31746/4/VW2100_RCE4.pdf", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-77"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root user."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el router adslr VW2100 con la versi\u00f3n de firmware M1DV1.0. Un atacante no autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos del sistema como usuario root."}], "lastModified": "2025-08-01T02:11:11.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:adslr:vw2100_firmware:m1dv1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E2FB980-BCD2-4CE9-BF69-0C713480F2FC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:adslr:vw2100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC0ADEEF-234D-4564-BB73-730AE2D3A805"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}