CVE-2022-45717

CRITICAL WAF: High

CVSS 9.8 Published: 2022-12-23

CWE-78 CWE-78

IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited via a crafted GET request.

WAF Coverage Analysis

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

OS Command Injection High WAF Coverage

OWASP: A03:2021 Injection

932xxx - Remote Code Execution

Affected Software

Vendor	Product	Version
ip-com	m50_firmware	15.11.0.33

References

hackmd.io
hackmd.io

Back to CVE Database