2023-1-24 RTS Remote Code Execution Vulnerability

Blake Volk
Blake Volk
  • Updated

First Published:

2023 January 24

Last Updated:

2023 January 24


Upgrade to RTS/RTD code or later


Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. More information regarding CVE-2023-24508 can be reviewed here: CVE-2023-24508

Affected Products: 

  • Nova 227
  • Nova 233
  • Nova 243
  • Nova 246


Baicells has resolved this vulnerability in software version and later. Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the firmware. Firmware can be downloaded from our community page or upgraded via OMC. 


RTS Firmware Download

Was this article helpful?




Please sign in to leave a comment.