CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-41917

CVSS 10.0v3.1pub. 2024-07-02upd. 2026-04-15

Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution.

🤖 AI Analysis
How it works

The vulnerability consists of insufficient input data validation (CWE-20) in the Speed-Measurement function. An attacker can inject additional shell commands into parameters passed to this function. As a result of this command injection mechanism, the passed commands are executed by the operating system with application privileges, without any authentication.

Impact

A remote, unauthenticated attacker can execute arbitrary code on the attacked system, which may lead to full system compromise, data breach, configuration modification, or disruption of system availability.

Mitigation & patch

Patches available from the vendor should be applied according to the references (see: https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273)

Who is affected

Versions indicated in vendor references (detailed information available in NCSC-2024-0273 message)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References