VYPR
Unrated severityNVD Advisory· Published Mar 1, 2023· Updated Mar 7, 2025

Unauthenticated Command Injection EG7035-M11 Series

CVE-2023-1097

Description

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Baicells/EG7035-M11llm-create2 versions
    <=BCE-ODU-1.0.8+ 1 more
    • (no CPE)range: <=BCE-ODU-1.0.8
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.