Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
References
Link | Resource |
---|---|
https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh/ | Exploit Patch Third Party Advisory |
https://seclists.org/fulldisclosure/2022/Dec/13 | Exploit Mailing List Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-25T00:00:00
Updated: 2022-12-25T00:00:00
Reserved: 2022-09-06T00:00:00
Link: CVE-2022-40005
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-25T19:15:10.707
Modified: 2023-01-05T02:44:17.760
Link: CVE-2022-40005
JSON object: View
Redhat Information
No data.
CWE