CVE-2021-46422

Опубликовано: 27 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Критический

Описание

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.

Ссылки

http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html
Third Party Advisory
http://packetstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.html
Exploit
Third Party Advisory
https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/167201/SDT-CW3B1-1.1.0-Command-Injection.html
Third Party Advisory
http://packetstormsecurity.com/files/167387/Telesquare-SDT-CW3B1-1.1.0-Command-Injection.html
Exploit
Third Party Advisory
https://drive.google.com/drive/folders/1YJlVlb4SlTEGONzIjiMwd2P7ucP_Pm7T?usp=sharing
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:telesquare:sdt-cs3b1_firmware:1.1.0:*:*:*:*:*:*:*

cpe:2.3:h:telesquare:sdt-cs3b1:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.93876

Критический

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-8557-gh6f-6c42