Security for everyone

CVE-2023-37265 Scanner

Detects the 'OS Command Injection' vulnerability in IceWhaleTech CasaOS-Gateway, which affects versions before 0.4.4.

Short Info

Level: Critical

Single Scan

Can be used by: Asset Owner

Estimated Time: 10 sec

Scan only one: Url

Toolbox: -

The IceWhaleTech CasaOS-Gateway is an open-source Personal Cloud system that provides users with an efficient and secure way to store and manage their data. CasaOS-Gateway is designed to run on various hardware platforms, including single-board computers, and supports a variety of file-sharing protocols, such as SMB, FTP, and NFS. The system provides users with an intuitive web interface that allows them to manage their data and configure their network settings easily.

However, despite the system's potential benefits, it was discovered that CasaOS-Gateway had a critical vulnerability, known as CVE-2023-37265. This vulnerability allowed unauthenticated attackers to execute arbitrary commands as the root user on CasaOS instances. The problem was caused by a lack of IP address verification, which allowed attackers to spoof their IP address and gain unauthorized access to the system.

If exploited, this vulnerability could lead to various consequences, such as data theft and system compromise. Attackers could steal sensitive data, such as login credentials and financial information, or use the compromised system to launch further attacks against other systems.

In conclusion, the IceWhaleTech CasaOS-Gateway is an innovative Personal Cloud system that provides users with an efficient and secure way to store and manage their data. However, a critical vulnerability, known as CVE-2023-37265, was discovered, which could lead to severe consequences if exploited. To protect against this vulnerability, users are advised to take several precautions, as described above. Finally, we encourage all users to check their digital assets for vulnerabilities regularly and quickly learn about vulnerabilities with the pro features of the securityforeveryone.com platform.

 
