exploitDog

CVE-2022-37861

Опубликовано: 15 сент. 2022

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

Ссылки

http://www.tenhot.net/html/pro/wgzly/111704.html
Vendor Advisory
https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256
Exploit
Third Party Advisory
http://www.tenhot.net/html/pro/wgzly/111704.html
Vendor Advisory
https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenhot:tws-100_firmware:4.0-201809201424:*:*:*:*:*:*:*

cpe:2.3:h:tenhot:tws-100:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03573

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-v4r7-qcrq-8vp4

CVSS3: 9.8

github

больше 3 лет назад

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

EPSS

Процентиль: 87%

0.03573

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo