OTPulse

Baicells Nova

Act Now | CVSS 9.8 | ICS-CERT ICSA-23-033-03 | Feb 2, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A command injection vulnerability in Baicells Nova 227, 233, 243, and 246 small cell base stations allows an unauthenticated attacker to execute arbitrary commands on the device. The vulnerability exists in firmware version RTS/RTD_3.6.6 and earlier due to improper validation of user-supplied input. Successful exploitation could allow an attacker to execute arbitrary system commands with the privileges of the base station process, potentially disrupting cellular service, intercepting signaling traffic, or establishing persistence.

What this means
What could happen
An attacker could execute arbitrary commands on Baicells Nova small cell base stations, potentially disrupting cellular network connectivity for emergency services and critical infrastructure communications that depend on mobile backhaul.
Who's at risk
Cellular network operators and communications service providers running Baicells Nova 227, 233, 243, or 246 small cell base stations. Organizations relying on these base stations for primary or backup cellular connectivity in rural or distributed environments should prioritize remediation to maintain network availability.
How it could be exploited
An attacker on the network can send a specially crafted command input to the Nova device without authentication. The device fails to properly validate or sanitize the command, allowing execution of arbitrary system commands on the base station processor.
Prerequisites
  • Network access to the Nova device management interface or API port
  • No authentication required
  • Device running firmware version RTS/RTD_3.6.6 or earlier
  • Remotely exploitable
  • No authentication required
  • Low complexity attack
  • No patch available for affected firmware versions
  • Affects communications infrastructure
  • CWE-77 improper neutralization of special elements in command
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (4)
4 with fix
Product | Affected Versions | Fix Status
Nova 227 | <= RTS/RTD_3.6.6 | 3.7.11.6
Nova 233 | <= RTS/RTD_3.6.6 | 3.7.11.6
Nova 243 | <= RTS/RTD_3.6.6 | 3.7.11.6
Nova 246 | <= RTS/RTD_3.6.6 | 3.7.11.6
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to Nova management interfaces; place base stations behind firewalls and isolate from business networks
  • WORKAROUND: Disable remote management access unless required; use VPN with strong authentication if remote access is necessary
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade Baicells Nova devices (all models) to firmware version 3.7.11.6 or later via OMC or manual download from Baicells community page
Long-term hardening
  • HARDENING: Monitor Nova devices for unauthorized command execution or unexpected process activity
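
To plan the upgrade above, an inventory can be triaged against the version bounds in the affected-products table. The following Python is an added example, not OTPulse or Baicells code: the hostnames and inventory rows are constructed, the firmware-string parsing is an assumption about how devices report their version, and versions between 3.6.6 and 3.7.11.6, which the advisory does not classify, are flagged for manual review.

```python
import re

# Thresholds and models come from the advisory's affected-products table.
LAST_AFFECTED = (3, 6, 6)       # RTS/RTD_3.6.6 and earlier are affected
FIRST_FIXED = (3, 7, 11, 6)     # fixed firmware 3.7.11.6
AFFECTED_MODELS = {"Nova 227", "Nova 233", "Nova 243", "Nova 246"}

# Assumption: the reported firmware string contains one dotted numeric version.
_VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_version(text):
    """Return the first dotted version in text as a tuple of ints, else None."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in match.group().split(".")) if match else None

def compare(a, b):
    """Numeric compare of version tuples, padding the shorter with zeros."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def triage(model, firmware):
    """Classify one device against the advisory's version bounds."""
    if model not in AFFECTED_MODELS:
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "unknown"            # no usable version: treat as unpatched
    if compare(version, FIRST_FIXED) >= 0:
        return "fixed"
    if compare(version, LAST_AFFECTED) <= 0:
        return "affected"
    return "review"                 # between the bounds: not classified above

# Constructed sample inventory: (hostname, model, firmware string).
INVENTORY = [
    ("bs-01", "Nova 243", "RTS/RTD_3.6.6"),
    ("bs-02", "Nova 233", "3.7.11.6"),
    ("bs-03", "Nova 227", "RTS/RTD_3.7.5"),
    ("bs-04", "Nova 246", "3.10.0"),   # numerically newer than 3.7.11.6
    ("bs-05", "Nova 246", ""),
]

def report(inventory):
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 3.10.0 below 3.7.11.6.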