← Back

CVE-2022-22986

nvd nist
Published: Mar 31, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.

Affected (4)

Ntt East
4 products
Og410xa Firmware
Og410xi Firmware
Og810xa Firmware
Og810xi Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Og410xa Firmware
Up to 2.28
Running on/withPlatform Versions
Ntt East
Og410xa
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Og410xi Firmware
Up to 2.28
Running on/withPlatform Versions
Ntt East
Og410xi
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Og810xa Firmware
Up to 2.28
Running on/withPlatform Versions
Ntt East
Og810xa
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Og810xi Firmware
Up to 2.28
Running on/withPlatform Versions
Ntt East
Og810xi
All versions

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

Source: vultures@jpcert.or.jp
Vendor Advisory
Source: vultures@jpcert.or.jp
Third Party AdvisoryVDB Entry
Source: vultures@jpcert.or.jp
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.