cbcvebase.
CVE-2022-40881
published 2022-11-17

CVE-2022-40881: SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php

Priority P187 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW exploit · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 29.45% (97.9th percentile)
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via network_test.php

Affected (1 range)

Vendor    Product                       Version range    Fixed in
contec    solarview_compact_firmware

Detection & IOCs (extracted from sources)

path:     /network_test.php
other:    http.favicon.hash:-244067125
command:  host=%0a{{cmd}}%0a&command=ping
  • Monitor HTTP POST requests to /network_test.php containing newline-encoded payloads (%0a) in the 'host' parameter, which is the injection vector for CVE-2022-40881.
  • Use Shodan favicon hash -244067125 to identify exposed SolarView Compact devices on the internet for asset discovery and prioritization.
  • GreyNoise began observing active exploitation attempts tagged as 'SolarView Compact 6 CVE-2022-40881 RCE Attempt' starting 2023-07-18, indicating mass internet scanning activity.
  • The injection payload uses ${IFS} as a space substitute (e.g., cat${IFS}/etc/passwd) to bypass simple input filtering; look for this pattern in POST body parameters.
  • The Nuclei template targets unauthenticated POST requests (PR:N), meaning no credentials are required to exploit the vulnerability; detection should not be limited to authenticated sessions.
  • The EPSS score of 0.93672 (99.846th percentile) indicates extremely high likelihood of exploitation in the wild; this CVE should be treated as actively exploited.
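The first and fourth detection bullets above describe a request-level check: a POST to /network_test.php whose 'host' parameter carries a newline (%0a) or the ${IFS} space substitute. The following is an added example of that check in Python; it is not code from cbcvebase, the Nuclei template or any vendor. It assumes requests are available as (method, path, raw POST body) tuples, which is a constructed input format, and it percent-decodes the body before matching so that %0a, %0A and a literal newline are all caught.

```python
import re
from urllib.parse import parse_qs

# Constructed sample requests (not real traffic): (method, path, raw POST body).
# Entries 1 and 2 carry the CVE-2022-40881 indicators described on this page;
# the others are benign or hit a different endpoint.
SAMPLE_REQUESTS = [
    ("POST", "/network_test.php", "host=8.8.8.8&command=ping"),
    ("POST", "/network_test.php", "host=%0aid%0a&command=ping"),
    ("POST", "/network_test.php", "host=1.1.1.1%0acat${IFS}/etc/passwd&command=ping"),
    ("GET",  "/network_test.php", ""),
    ("POST", "/login.php", "user=admin&pass=%0a"),
]

# The vulnerable endpoint and the two patterns from the detection bullets.
TARGET_PATH = "/network_test.php"
NEWLINE_RE = re.compile(r"[\r\n]")      # %0a / %0d after decoding
IFS_RE = re.compile(r"\$\{IFS\}")       # shell space substitute


def analyze_request(method, path, body):
    """Return the list of indicator names matched by one request ([] if clean)."""
    if method != "POST" or path != TARGET_PATH:
        return []
    # parse_qs percent-decodes values, so %0a becomes a real newline character;
    # matching on the decoded value is more robust than grepping for "%0a".
    params = parse_qs(body, keep_blank_values=True)
    hits = []
    for value in params.get("host", []):
        if NEWLINE_RE.search(value):
            hits.append("newline_in_host")
        if IFS_RE.search(value):
            hits.append("ifs_space_substitute")
    return hits


def scan(requests):
    """Run analyze_request over a batch; return (index, hits) for flagged entries."""
    flagged = []
    for index, (method, path, body) in enumerate(requests):
        hits = analyze_request(method, path, body)
        if hits:
            flagged.append((index, hits))
    return flagged


if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS):
        print(f"request {index}: {', '.join(hits)}")
```

The check keys on the decoded 'host' value rather than the raw body because the newline is what separates the injected command from the ping argument; a rule that only looks for the literal string "%0a" misses the upper-case encoding and any client that sends a raw newline. Extending scan() to read a web server access log or WAF export only requires mapping each record to the same three fields.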

CVSS provenance

NVD (v3.1):  9.8 CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheck:   9.8 CRITICAL