CVE-2022-35269

Опубликовано: 25 окт. 2022

Источник: nvd

CVSS3: 4.9

CVSS3: 7.5

EPSS Низкий

Описание

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the /action/import_e2c_json_file/ API.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:robustel:r1510_firmware:3.1.16:*:*:*:*:*:*:*

cpe:2.3:o:robustel:r1510_firmware:3.3.0:*:*:*:*:*:*:*

cpe:2.3:h:robustel:r1510:-:*:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.00426

Низкий

4.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-125

CWE-77

Связанные уязвимости

GHSA-44jm-p9rx-ff96

CVSS3: 7.5

github

больше 3 лет назад

A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_e2c_json_file/` API is affected by command injection vulnerability.

EPSS

Процентиль: 62%

0.00426

Низкий

4.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-125

CWE-77