Sign In
Advisories

Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Go Back
severity
critical
date
Affecting

  • 4.0.1.6(210120)

  • 4.013(201105)

  • 3.100(200225)

  • 3.005(191206)

  • 3.005(191112)

CWE
  • CWE-306 Missing Authentication for Critical Function
CVSS
9.3
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Credit
LiquidWorm as Gjoko Krstic of Zero Science Lab
Description
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.