Home

Description

BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing an attacker to inject and execute arbitrary shell commands on the device. Successful exploitation can lead to writing backdoors, privilege escalation on the host, and full compromise of the router and its management functions. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.

PUBLISHED Reserved 2025-10-14 | Published 2025-10-15 | Updated 2025-10-15 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

*
affected

Credits

Anonymous User on CSDN finder

References

github.com/...poc/web/bytevalue_goform_webread_open_rce.yaml exploit

isc.sans.edu/...er+vulnerability+included+in+Mirai+Bot/30642 technical-description exploit

blog.csdn.net/zkaqlaoniao/article/details/134328873 technical-description exploit

www.vulncheck.com/...t-flow-control-router-command-injection third-party-advisory

cve.org (CVE-2023-7311)

nvd.nist.gov (CVE-2023-7311)

Download JSON