8.8

CVE-2022-22986

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ntt-eastOg410xa Firmware Version <= 2.28
   Ntt-eastOg410xa Version-
Ntt-eastOg410xi Firmware Version <= 2.28
   Ntt-eastOg410xi Version-
Ntt-eastOg810xa Firmware Version <= 2.28
   Ntt-eastOg810xa Version-
Ntt-eastOg810xi Firmware Version <= 2.28
   Ntt-eastOg810xi Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.486
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://business.ntt-east.co.jp/topics/2022/03_22.html
Vendor Advisory
https://jvn.jp/en/vu/JVNVU94900322/index.html
Third Party Advisory
VDB Entry
https://www.ntt-west.co.jp/smb/kiki_info/info/220322.html
Vendor Advisory