3onedata Modbus Gateway OS Command Injection Vulnerability in GW1101-1D(RS-485)-TB-P
Vulnerability
A command injection vulnerability has been identified in the 3onedata Modbus gateway model GW1101-1D(RS-485)-TB-P, hardware version V2.2.0. This vulnerability allows authenticated users to execute arbitrary shell commands as the root user. The issue arises from the 'IP address' field in the diagnosis test tools, where payloads can be injected. The vulnerability affects all versions prior to the fixed firmware version 3.0.59B2024080600R4353.
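The general shape of a fix for this bug class, as an added example that is not 3onedata's firmware code. It assumes (the advisory does not say this) that the diagnosis tool hands the 'IP address' field to a ping-style utility; the names `is_ip_literal` and `run_ping` are hypothetical. The field is accepted only if the whole string parses as one IP literal, and the utility is started with an argument vector instead of a shell command line.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept the field only if the whole string is one IPv4 or IPv6 literal.
 * inet_pton() fails on separators, whitespace and any trailing text. */
int is_ip_literal(const char *field)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (field == NULL || strlen(field) >= INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, field, buf) == 1 ||
           inet_pton(AF_INET6, field, buf) == 1;
}

/* Run "ping -c 4 <field>" through exec with separate arguments, so no
 * shell ever parses the field. Returns ping's exit status, or -1 if the
 * field was rejected or the child could not be run. */
int run_ping(const char *field)
{
    int status;
    pid_t pid;

    if (!is_ip_literal(field))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "4", field, (char *)NULL);
        _exit(127);                      /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample field values, not taken from the advisory. */
    const char *samples[] = { "192.0.2.10", "2001:db8::1",
                              "192.0.2.10;reboot", "192.0.2.10 " };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s %s\n", samples[i],
               is_ip_literal(samples[i]) ? "accept" : "reject");
    return 0;
}
```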
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected device.
Remediation
Users can upgrade to firmware version 3.0.59B2024080600R4353 to address this vulnerability.
