← Back

Eternus Cs8000 Firmware

eternus_cs8000_firmware

Vendor: Fujitsu • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-31795
1Fujitsu
1Eternus Cs8000 Firmware
Nov 21, 2024
Jun 20, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username...Show more
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.Show less
CVE-2022-31794
1Fujitsu
1Eternus Cs8000 Firmware
Nov 21, 2024
Jun 20, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the...Show more
An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the requestTempFile function in hw_view.php. An attacker is able to influence the unitName POST parameter and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.Show less