{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-29T16:20:29.224","vulnerabilities":[{"cve":{"id":"CVE-2023-1097","sourceIdentifier":"security@baicells.com","published":"2023-03-01T20:15:11.073","lastModified":"2026-06-17T05:27:06.453","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Baicells EG7035-M11 devices with firmware through  BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.\n\n\n\n\n\n"}],"affected":[{"source":"security@baicells.com","affectedData":[{"vendor":"Baicells","product":"EG7035-M11","defaultStatus":"unaffected","platforms":["BCE"],"versions":[{"version":"0","lessThanOrEqual":" BCE-ODU-1.0.8","versionType":"patch","status":"affected","changes":[{"at":"BaiCE_BM_2.5.26","status":"unaffected"}]}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@baicells.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-07T15:53:08.611371Z","id":"CVE-2023-1097","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@baicells.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:baicells:eg7035-m11_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"bce-odu-1.0.8","matchCriteriaId":"36273B84-D85D-43E1-92E2-B30F5C68E989"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:baicells:eg7035-m11:-:*:*:*:*:*:*:*","matchCriteriaId":"3EA6185C-6193-4821-823C-7C6BF54208B9"}]}]}],"references":[{"url":"https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756","source":"security@baicells.com","tags":["Release Notes"]},{"url":"https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin","source":"security@baicells.com","tags":["Product"]},{"url":"https://community.na.baicells.com/t/baice-bm-2-5-26-new-cpe-software-has-been-released/1756","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://img.baicells.com//Upload/20220524/FILE/BaiCE_BM_2.5.26_NA.bin.bin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]}]}}]}