2023-1-24 RTS Remote Code Execution Vulnerability

Blake Volk
Blake Volk
  • Updated

First Published:

2023 January 24

Last Updated:

2023 January 24

Workarounds:

Upgrade to RTS/RTD 3.7.11.6 code or later

Summary:

Baicells Nova 227, Nova 233, Nova 243 LTE TDD eNodeB devices and Nova 246 with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. More information regarding CVE-2023-24508 can be reviewed here: CVE-2023-24508

Affected Products: 

  • Nova 227
  • Nova 233
  • Nova 243
  • Nova 246

Resolution:

Baicells has resolved this vulnerability in software version 3.7.11.3 and later. Baicells recommends that all customers currently running an earlier version of RTS/RTD upgrade their products to the 3.7.11.6 firmware. Firmware can be downloaded from our community page or upgraded via OMC. 

 

RTS 3.7.11.6: Firmware Download

Was this article helpful?

/

Comments

0 comments

Please sign in to leave a comment.