CVE-2023-33381

High · Public PoC · RCE

Published: 06 June 2023

Modified: 08 January 2025
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.4581 (97.7th percentile)
Risk Priority: 42 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-33381 is a high-severity OS Command Injection (CWE-78) vulnerability in Mitrastar Gpt-2741Gnac Firmware. Its CVSS base score is 7.2 (High).

Operationally, it ranks in the top 2.3% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

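This vulnerability is classified as AI-related (category: APIs and Models); the classification reason given is a keyword match on "gpt", which appears in the product name GPT-2741GNAC.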

Deeper analysis

A command injection vulnerability tracked as CVE-2023-33381 affects the ping functionality in the MitraStar GPT-2741GNAC router running firmware version AR_g5.8_110WVN0b7_2. The flaw, assigned CWE-78, permits an authenticated user to supply specially crafted input that results in execution of arbitrary operating-system commands on the device. It carries a CVSS 3.1 base score of 7.2, reflecting network attack vector, low complexity, and high impact across confidentiality, integrity, and availability when the attacker holds administrative credentials.

An authenticated administrator can exploit the issue remotely by submitting malicious payloads through the router’s ping interface, thereby gaining the ability to run arbitrary commands with the privileges of the underlying operating system. Successful exploitation can lead to full device compromise, including the ability to alter configuration, exfiltrate data, or pivot further into the network.

Public references include a proof-of-concept repository demonstrating the injection technique, along with vendor sites for MitraStar and the affected product; no official advisory or firmware patch addressing the flaw is referenced in the available sources. The CVE’s EPSS score currently stands at 0.5803 with a recorded peak of 0.6030.

EU & UK References

Vulnerability details

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). The vulnerability allows an authenticated user to execute arbitrary OS commands by sending specially crafted input to the router via the ping function.

CWE(s)

AI Security Analysis (AI)

AI Category: APIs and Models
Risk Domain: N/A
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: gpt

Related Threats

Affected Assets

mitrastar
gpt-2741gnac firmware
ar_g5.8_110wvn0b7_2

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
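The input-validation control above, applied to a ping diagnostic like the one this CVE affects, as an added example (not MitraStar's firmware code, which the page does not show). The function names and the `PING_BIN` path are assumptions; the sample inputs are constructed.

```python
import ipaddress
import re
import subprocess

PING_BIN = "/bin/ping"  # assumed path; adjust for the target system

# One DNS label: starts and ends alphanumeric, inner hyphens allowed, 1-63 chars.
# Anything outside this allowlist (spaces, quotes, shell metacharacters,
# a leading "-") fails the match.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def validate_ping_target(value):
    """Return a canonical IP address or hostname, or raise ValueError."""
    if not isinstance(value, str) or not 0 < len(value) <= 253:
        raise ValueError("target must be a 1-253 character string")
    try:
        return str(ipaddress.ip_address(value))  # IPv4 or IPv6 literal
    except ValueError:
        pass  # not an IP literal; fall through to the hostname allowlist
    if all(_LABEL.fullmatch(label) for label in value.split(".")):
        return value.lower()
    raise ValueError("target is not an IP address or hostname")


def build_ping_argv(value, count=4):
    """Build an argument vector; the target is always a single argv element."""
    if isinstance(count, bool) or not isinstance(count, int) or not 1 <= count <= 10:
        raise ValueError("count must be an integer from 1 to 10")
    return [PING_BIN, "-c", str(count), validate_ping_target(value)]


def run_ping(value, count=4):
    """Run ping without a shell, so no string is ever parsed as a command line."""
    argv = build_ping_argv(value, count)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=30)


def screen(values):
    """Map each submitted value to True (accepted) or False (rejected)."""
    result = {}
    for v in values:
        try:
            validate_ping_target(v)
            result[v] = True
        except ValueError:
            result[v] = False
    return result
```

Validation and shell-free execution are independent layers: either one alone prevents the submitted string from being interpreted as shell syntax, and using both keeps the handler safe if one is later weakened.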

References