CVE-2022-37861 - OpenCVE

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Tenhot	Tws-100 Firmware Tws-100

Configuration 1 [-]

AND

cpe:2.3:o:tenhot:tws-100_firmware:4.0-201809201424:*:*:*:*:*:*:*

cpe:2.3:h:tenhot:tws-100:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.tenhot.net/html/pro/wgzly/111704.html	Vendor Advisory
https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-15T15:48:31

Updated: 2022-09-15T15:48:31

Reserved: 2022-08-08T00:00:00

Link: CVE-2022-37861

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-15T16:15:10.447

Modified: 2022-09-20T12:28:14.320

Link: CVE-2022-37861

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-15T15:48:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tenhot.net/html/pro/wgzly/111704.html"}, {"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-37861", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.tenhot.net/html/pro/wgzly/111704.html", "refsource": "MISC", "url": "http://www.tenhot.net/html/pro/wgzly/111704.html"}, {"name": "https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256", "refsource": "MISC", "url": "https://gist.github.com/ox01024/784894c27213c5a765b5c8f8375db256"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-37861", "datePublished": "2022-09-15T15:48:31", "dateReserved": "2022-08-08T00:00:00", "dateUpdated": "2022-09-15T15:48:31", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}