CVE-2022-37861

Published: Sep 15, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

Affected (1)

Products: Tenhot: Tws 100 Firmware

1 product

Tws 100 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Tenhot Tws 100 Firmware	Version 4.0-201809201424

Running on/with	Platform Versions
Tenhot Tws 100	All versions

References (4)

http://www.tenhot.net/html/pro/wgzly/111704.html

Source: cve@mitre.org

Vendor Advisory

https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256

Source: cve@mitre.org

ExploitThird Party Advisory

http://www.tenhot.net/html/pro/wgzly/111704.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.