CVE-2022-29013

Опубликовано: 09 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Критический

Описание

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.

Ссылки

https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/50865
Exploit
Third Party Advisory
VDB Entry
https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
Product
Vendor Advisory
https://packetstormsecurity.com/files/166684/Razer-Sila-2.0.418-Command-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/50865
Exploit
Third Party Advisory
VDB Entry
https://www2.razer.com/ap-en/desktops-and-networking/razer-sila
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:razer:sila_firmware:2.0.441_api-2.0.418:*:*:*:*:*:*:*

cpe:2.3:h:razer:sila:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92694

Критический

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-4j2q-h92c-pm9c