Back to overview

CVE-2023-49900

CRITICAL
9.8
CVSS 3.1
Description
An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command.

Metadata

CVE ID
CVE-2023-49900
State
PUBLISHED
Assigner
CERTVDE
Reserved
2023-12-01 08:19 UTC
Published
2026-07-16 10:11 UTC
Last updated
2026-07-16 10:11 UTC
Primary CWE
CWE-78
CWE-78 Improper Neutralization of Special Elements used in a…
Vendor / Product
X-Rite / MA-T6
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
X-Rite MA-T6 0 < v2.33
Weakness (CWE)
CWESourceDescription
CWE-78 cna CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview