cvedb.io
CVE-2023-1097
CRITICAL · CVSS 9.3
EPSS exploitation probability: 0%
Published 2023-03-01T20:15:11.073 · Last modified 2026-06-17T05:27:06.453

Summary

Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injection. The injected commands are executed pre-login and run with root permissions. The following methods have been tested and validated by a third-party analyst and have been confirmed exploitable. Special thanks to Lionel Musonza for the discovery.

Affected products

baicells — eg7035-m11_firmware

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.