Lucene search

HuaweiCVELIST:CVE-2022-48616

HistoryDec 12, 2023 - 7:25 a.m.

CVE-2022-48616

2023-12-1207:25:05

CWE-78

huawei

www.cve.org

huawei

data communication

command injection

vulnerability

higher privileges

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.8%

JSON

A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AR6000",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "AR6000 V300R019C10SPC300"
      },
      {
        "status": "affected",
        "version": "AR6000 V300R019C13SPC200"
      },
      {
        "status": "affected",
        "version": "AR6000 V300R021C00SPC200"
      },
      {
        "status": "affected",
        "version": "AR6000 V300R021C10SPC100"
      }
    ]
  }
]

References

wr3nchsr.github.io/huawei-netengine-ar617vw-auth-root-rce/

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVELIST:CVE-2022-48616