{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:39:07.257","vulnerabilities":[{"cve":{"id":"CVE-2023-38126","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2023-12-19T22:15:07.460","lastModified":"2024-11-21T08:12:54.843","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543."},{"lang":"es","value":"Vulnerabilidad de Ejecución Remota de Código de Directory Traversal de la restauración de configuración en Softing edgeAggregator. Esta vulnerabilidad permite a atacantes remotos ejecutar código arbitrario en las instalaciones afectadas de Softing edgeAggregator. Se requiere autenticación para aprovechar esta vulnerabilidad. El fallo específico existe en el procesamiento de archivos zip de respaldo. El problema se debe a la falta de validación adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esto para ejecutar código en el contexto del root. Era ZDI-CAN-20543."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:*","matchCriteriaId":"E5067FBA-2EF6-4186-9BF9-D58F87FE54A9"}]}]}],"references":[{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1058/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-23-1058/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}