CVE-2023-54329

CriticalPublic PoC

Published: 13 January 2026

Published

13 January 2026

Modified

30 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0056 68.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Inbit Messenger 4.6.0 - 4.9.0 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by exploiting a stack overflow in the messenger's protocol. Attackers can send specially crafted XML packets to port 10883 with a…

malicious payload to trigger the vulnerability and execute commands with system privileges.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the stack overflow vulnerability (CWE-121/CWE-787) in Inbit Messenger versions 4.6.0-4.9.0 by applying patches or updates to eliminate the RCE flaw.

SC-7 Boundary Protection good match

prevent

Prevents unauthenticated remote attackers from reaching TCP port 10883 by enforcing boundary protections such as firewalls to block crafted XML packets.

SI-10 Information Input Validation good match

prevent

Stops exploitation of the protocol stack overflow by validating specially crafted XML packet inputs to ensure they do not exceed buffer bounds.

Security SummaryAI

CVE-2023-54329 is a remote command execution vulnerability affecting Inbit Messenger versions 4.6.0 through 4.9.0. The flaw stems from a stack overflow in the messenger's protocol, classified under CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write). It has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity with network accessibility, low complexity, no privileges or user interaction required.

Unauthenticated attackers can exploit this vulnerability by sending specially crafted XML packets to TCP port 10883 on a vulnerable Inbit Messenger instance. Successful exploitation triggers the stack overflow, enabling arbitrary command execution with system privileges on the target host.

Advisories and resources, including those from VulnCheck (https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-command-execution-rce), Exploit-DB (https://www.exploit-db.com/exploits/51127), and GitHub writeups (https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md), document the issue and provide exploit details for analysis. Security practitioners should review these for reproduction steps and apply any available updates or network controls to mitigate exposure on port 10883.

Details

CWE(s): CWE-121 CWE-787

Affected Products

inbit

inbit messenger

4.6.0 — 4.9.0

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote command execution via crafted XML packets to TCP port 10883 on public-facing Inbit Messenger enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md
Exploit, Third Party Advisory · disclosure@vulncheck.com
https://web.archive.org/web/20200122082432/https://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51127
Exploit · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/inbit-messenger-unauthenticated-remote-command-execution-rce
Third Party Advisory · disclosure@vulncheck.com
https://github.com/a-rey/exploits/blob/main/writeups/Inbit_Messenger/v4.6.0/writeup.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0