Login Sign Up

CVE-2023-43321

8.8 HIGH
Remote Code Execution

📋 TL;DR

This CVE describes an authenticated command injection vulnerability in Digital China Networks DCFW-1800-SDC firewall devices. An attacker with valid credentials can upload malicious files and execute arbitrary code via the wget function in cloudadmin.sh. This affects organizations using vulnerable versions of this specific firewall model.

💻 Affected Systems

Products:
  • Digital China Networks DCFW-1800-SDC
Versions: v3.0
Operating Systems: Custom firewall OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to administrative interface. Default credentials or weak authentication increases risk.

📦 What is this software?

Dcfw 1800 Sdc Firmware by Dcnetworks

View all CVEs affecting Dcfw 1800 Sdc Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attacker to pivot to internal networks, steal sensitive data, deploy ransomware, or establish persistent backdoors.

🟠

Likely Case

Attacker gains shell access to firewall, modifies configurations, intercepts network traffic, or uses device as pivot point for lateral movement.

🟢

If Mitigated

Limited impact due to network segmentation, strong authentication controls, and restricted administrative access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authentication but is straightforward once credentials are obtained. Public proof-of-concept available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Check vendor website for security updates. Contact Digital China Networks support for patch availability and installation guidance.

🔧 Temporary Workarounds

Restrict administrative access

all

Limit administrative interface access to specific IP addresses using firewall rules.

Implement strong authentication

all

Enforce complex passwords, multi-factor authentication, and regular credential rotation for administrative accounts.

🧯 If You Can't Patch

  • Isolate vulnerable device in dedicated management VLAN with strict access controls
  • Implement network segmentation to limit lateral movement if device is compromised

🔍 How to Verify

Check if Vulnerable:

Check device version via web interface or CLI. If running DCFW-1800-SDC v3.0, assume vulnerable.

Check Version:

Check via web interface: System > System Information, or via CLI: show version

Verify Fix Applied:

Verify with vendor if patch exists and confirm version is updated beyond v3.0.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via administrative interface
  • Suspicious wget commands in system logs
  • Unauthorized configuration changes

Network Indicators:

  • Unexpected outbound connections from firewall management interface
  • Traffic to unusual ports from firewall

SIEM Query:

source="firewall_logs" AND (event="file_upload" OR command="wget") AND user="admin"

📊 Metadata

CVE ID: CVE-2023-43321
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-434
Published: October 4, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43321, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)