9.8

CVE-2022-36779

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ProscendM330-w Firmware Version < 1.11
   ProscendM330-w Version-
ProscendM330-w5 Firmware Version < 1.11
   ProscendM330-w5 Version-
ProscendM350-5g Firmware Version < 1.02
   ProscendM350-5g Version-
ProscendM350-w5g Firmware Version < 1.02
   ProscendM350-w5g Version-
ProscendM350-6 Firmware Version < 1.02
   ProscendM350-6 Version-
ProscendM350-w6 Firmware Version < 1.02
   ProscendM350-w6 Version-
ProscendM301-g Firmware Version < 2.20
   ProscendM301-g Version-
ProscendM301-gw Firmware Version < 2.20
   ProscendM301-gw Version-
AdviceIcr 111wg Firmware Version < 1.11
   AdviceIcr 111wg Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.08% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@cyber.gov.il 6.5 2.3 3.7
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.