CVE-2023-53908

High CVSS: 8.7

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level.

Vendor

Product

CWE

CWE-269

Yayın Tarihi

2025-12-17 23:15:49

Güncelleme

2026-04-02 19:16:51

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-269 HIGH 2025

Referanslar

https://www.belden.com/products/industrial-networking-cybersecurity/software-solutions/device-software/hisecos-firewall-software https://www.exploit-db.com/exploits/51537 https://www.vulncheck.com/advisories/hisecos-privilege-escalation-via-user-role-modification