cbcvebase.
CVE-2022-29013
published 2022-06-09

CVE-2022-29013: A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST…

PriorityP191critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
77.14%
99.5th percentile
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.

Affected

1 ranges
VendorProductVersion rangeFixed in
razersila_firmware

Detection & IOCsextracted from sources · hover to see the quote

url/ubus/
command{"jsonrpc":"2.0","id":3,"method":"call","params":["30ebdc7dd1f519beb4b2175e9dd8463e","file","exec",{"command":"id"}]}
other30ebdc7dd1f519beb4b2175e9dd8463e
yara
regex: 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)'
  • Detect exploit attempts by monitoring for POST requests to /ubus/ containing JSON-RPC 'call' method with 'file'+'exec' params and a 'command' key — characteristic of CVE-2022-29013 command injection.
  • Successful exploitation returns an HTTP 200 response with Content-Type 'application/json' and a body matching 'uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)', indicating arbitrary command execution as root.
  • Exploit requests include the custom header 'X-Requested-With: XMLHttpRequest' alongside Origin and Referer headers pointing to the router's root URL — use these as additional correlation signals.
  • The ubus session token '30ebdc7dd1f519beb4b2175e9dd8463e' appears hardcoded in the exploit payload; its presence in POST body to /ubus/ is a high-fidelity indicator of this specific exploit.
  • ·The vulnerability is unauthenticated (PR:N) and network-accessible (AV:N), meaning no credentials or prior access are required to exploit the /ubus/ endpoint.
  • ·The affected version is specifically Razer Sila Gaming Router v2.0.441_api-2.0.418; detections should be scoped to this firmware version where possible.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.