CVE-2023-3049
Description
Unrestricted file upload in TMT Lockcell allows unauthenticated remote command injection before version 15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
TMT Lockcell before version 15 contains an unrestricted file upload vulnerability that allows a dangerous file type to be uploaded, enabling command injection. The vulnerability exists in the file upload functionality accessible without authentication or prior privileges. Affected versions are Lockcell prior to 15. [1]
Exploitation
An unauthenticated attacker can send a crafted HTTP request to the Lockcell web interface, uploading a file containing a malicious payload that is interpreted as a command. The attacker does not need any credentials or special network access beyond reachability of the web service. The vulnerable upload function accepts arbitrary file types without validation, leading to command execution on the server. [1]
Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the underlying operating system with the privileges of the web server. This leads to full compromise of confidentiality, integrity, and availability of the affected device. [1]
Mitigation
TMT Lockcell released version 15 to fix the issue. Users should upgrade immediately to version 15 or later. No other workarounds are documented in the available references. [1]
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (2)
- fordefence.com/cve-2023-3049-unrestricted-upload-of-file-with-dangerous-type-vulnerability-allows-command-injection/ (nvd: Exploit, Third Party Advisory)
- www.usom.gov.tr/bildirim/tr-23-0345 (nvd: Third Party Advisory)