CVE-2022-47040

Published: Jan 26, 2023Modified: Apr 2, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.

Affected (1)

Products: Askey: Rtf3505vw N1 Firmware

Askey

1 product

Rtf3505vw N1 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Askey Rtf3505vw N1 Firmware	Version br_sv_g000_r3505vmn1001_s32_7

Running on/with	Platform Versions
Askey Rtf3505vw N1	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://github.com/leoservalli/Privilege-escalation-ASKEY

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/leoservalli/Privilege-escalation-ASKEY

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.