Cyber Resilience

CVE-2023-6274

MediumPublic PoC

Published: 24 November 2023

Published
24 November 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score 0.0003 10.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6274 is a medium-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Byzoro Smart S80 Firmware. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 10.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-6274 is an unrestricted file upload vulnerability in Byzoro Smart S80 versions up to 20231108. It resides in the PHP File Handler component, specifically the file /sysmanage/updatelib.php, where the file_upload argument can be manipulated to accept arbitrary files without validation. The issue is tracked under CWE-434 and carries a CVSS 3.1 score of 6.3.

Remote attackers with low-privileged credentials can exploit the flaw over the network to upload malicious files, enabling limited impacts on confidentiality, integrity, and availability. Public exploit code has been released, and the vendor did not respond to disclosure.

The listed references consist of Vuldb entries and a GitHub repository containing proof-of-concept details; no official patches or mitigation guidance are provided. The EPSS score rose from a low baseline to a peak of 0.0583 in January 2025 before receding, indicating a temporary increase in exploitation interest after public disclosure.

EU & UK References

Vulnerability details

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument…

more

file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246103. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unrestricted file upload in the public-facing PHP web application (/sysmanage/updatelib.php) enables remote exploitation of a public-facing application, potentially leading to RCE.

Affected Assets

byzoro
smart s80 firmware
≤ 2023-11-08

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-434

Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.

addresses: CWE-434

Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.

addresses: CWE-434

Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.

addresses: CWE-434

Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.

References