cvelist, ONEKEY, CVELIST:CVE-2022-4221
History: Dec 01, 2022 - 9:26 a.m.

CVE-2022-4221 OS command injection in ASUS M25 NAS

2022-12-01 09:26:48
CWE-78
ONEKEY
www.cve.org
asus
os command injection
vulnerability
unauthenticated attacker
cookie values

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.9 High (Confidence: High)

EPSS: 0.931 High (Percentile: 99.1%)

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values. This issue affects NAS-M25: through 1.0.1.7.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NAS-M25",
    "vendor": "Asus",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
