Cyber Resilience

CVE-2023-41011

CriticalPublic PoCRCE

Published: 14 September 2023

Published
14 September 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1157 93.8th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-41011 is a critical-severity Command Injection (CWE-77) vulnerability in Chinamobile Intelligent Home Gateway Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 6.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-41011 is a command injection vulnerability, tracked under CWE-77, that affects the China Mobile Intelligent Home Gateway model HG6543C4. The flaw resides in the shortcut_telnet.cg component and permits unauthenticated remote attackers to execute arbitrary operating-system commands. It carries a CVSS 3.1 base score of 9.8, reflecting network attack vector, low attack complexity, and no required privileges or user interaction.

An attacker with network access to an exposed device can send crafted requests directly to shortcut_telnet.cg, resulting in full command execution on the gateway. Successful exploitation grants the attacker the ability to read, modify, or delete data and potentially take complete control of the affected device.

The two referenced GitHub wiki entries document the vulnerability and its reproduction steps but contain no official vendor advisory, patch information, or mitigation guidance. The associated EPSS score has remained flat at 0.1157 since disclosure, indicating no material increase in observed exploitation interest.

EU & UK References

Vulnerability details

Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

chinamobile
intelligent home gateway firmware
hg6543c4

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References