An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
References
Link | Resource |
---|---|
https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GovTech CSG
Published: 2023-10-16T09:07:46.666Z
Updated: 2023-10-16T09:14:32.286Z
Reserved: 2023-07-28T03:32:37.859Z
Link: CVE-2023-3991
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-16T10:15:11.000
Modified: 2023-10-20T15:21:56.180
Link: CVE-2023-3991
JSON object: View
Redhat Information
No data.
CWE