exploitDog

CVE-2022-45497

Опубликовано: 08 дек. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.

Ссылки

https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/exeCommand/readme.md
Exploit
Third Party Advisory
https://github.com/z1r00/IOT_Vul/blob/main/Tenda/W6-S/exeCommand/readme.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:tenda:w6-s_firmware:1.0.0.4\(510\):*:*:*:*:*:*:*

cpe:2.3:h:tenda:w6-s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18362

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-pfw9-5vx2-rm8m

CVSS3: 9.8

github

около 3 лет назад

Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection vulnerability in the tpi_get_ping_output function at /goform/exeCommand.

EPSS

Процентиль: 95%

0.18362

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78

CWE-78