CVE-2023-3991: OS command injection vulnerability in FreshTomato 2023.3
First published: Mon Oct 16 2023(Updated: )
An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
Credit: cve_disclosure@tech.gov.sg cve_disclosure@tech.gov.sg
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Freshtomato Freshtomato | =2023.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-3991?
CVE-2023-3991 is an OS command injection vulnerability in the httpd iperfrun.cgi functionality of FreshTomato 2023.3.
How severe is CVE-2023-3991?
CVE-2023-3991 has a severity rating of 9.8 (critical).
How does CVE-2023-3991 affect FreshTomato 2023.3?
CVE-2023-3991 allows arbitrary command execution when a specially crafted HTTP request is received by the httpd iperfrun.cgi functionality of FreshTomato 2023.3.
What is the Common Weakness Enumeration (CWE) associated with CVE-2023-3991?
CVE-2023-3991 is associated with CWE-77 (Improper Neutralization of Special Elements used in a Command) and CWE-78 (Improper Neutralization of Special Elements used in an OS Command) weaknesses.
Is there a reference for CVE-2023-3991?
You can find more information about CVE-2023-3991 at https://govtech-csg.github.io/security-advisories/2023/10/16/CVE-2023-3991.html.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/freshtomato
- canonical/freshtomato freshtomato
- version/freshtomato freshtomato/2023.3