CVE-2022-46597
CRITICAL WAF: High
CVSS 9.8
Published: 2022-12-30
CWE-78 CWE-78
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| trendnet | tew-755ap_firmware | 1.13b01 |
References
- brief-nymphea-813.notion.site (Exploit, Third Party Advisory)