CVE-2022-45996OS Command Injection in W20e Firmware

CWE-78OS Command InjectionCWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
11.5%
top 6.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tenda W20e Firmware
Timeline
PublishedDec 12

Description

Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDtenda/w20e_firmware16.01.0.6\(3392\)

🔴Vulnerability Details

2
GHSA
GHSA-gfwq-rc4c-9m52: Tenda W20E V162022-12-12
CVEList
CVE-2022-45996: Tenda W20E V162022-12-12
CVE-2022-45996 — OS Command Injection in Tenda | cvebase