Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-0861 PoC — Authenticated Command Injection in NetModule NSRW

Source
https://github.com/seifallahhomrani1/CVE-2023-0861-POC
Associated Vulnerability
Title:Authenticated Command Injection in NetModule NSRW (CVE-2023-0861)
Description:NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103.
Description
Analyzing and Reproducing the Command Injection Vulnerability (CVE-2023-0861) in NetModule Routers
Readme
### Analyzing and Reproducing the Command Injection Vulnerability (CVE-2023-0861) in NetModule Routers

NetModule is an Original Equipment Manufacturer (OEM) of industrial grade routers that are commonly used in critical
infrastructure and industrial control systems. On February 24th, 2023, ONEKEY, a security research firm, released a security
advisory disclosing a vulnerability that affect 9 NetModule routers. The vulnerability were identified within the web
management interface and allow authenticated users to execute arbitrary commands with elevated privileges.
As an individual interested in IoT security and firmware analysis, I find it valuable to review the entire reproduction process of
reported vulnerabilities and In the pursuit of expanding my knowledge and skills, I took it upon myself to reproduce the
disclosed vulnerability.
File Snapshot

 [4.0K]  /data/pocs/e026ab344347e1fe78c2ef1fea4e3a0373ea483c
├── [222K]  Analyzing and Reproducing the Command Injection Vulnerability (CVE-2023-0861) in NetModule Routers.pdf
├── [1.1K]  PoC-CVE-2023-0861.py
└── [ 848]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →