Summaryinfo

A vulnerability, which was classified as critical, has been found in IP-COM M50 15.11.0.33. The impacted element is the function formSetNetCheckTools. The manipulation of the argument Hostname leads to command injection. This vulnerability is uniquely identified as CVE-2022-45711. No exploit exists. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability was found in IP-COM M50 15.11.0.33 and classified as critical. This issue affects the function formSetNetCheckTools. The manipulation of the argument hostname with an unknown input leads to a command injection vulnerability. Using CWE to declare the problem leads to CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function.

The weakness was disclosed 12/24/2022. It is possible to read the advisory at hackmd.io. The identification of this vulnerability is CVE-2022-45711 since 11/21/2022. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1202 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• IP-COM

Name

• M50

Version

• 15.11.0.33

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion