Security Advisory

CVE-2023-31446

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-01-10 00:00:00

Last updated 2025-06-20 15:36:04

Assigner mitre

State PUBLISHED

Description

In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup.

← Browse all CVEs View on cve.org ↗