CVE-2022-48472 — OS Command Injection in Huawei Bisheng-wnm

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

2.8%

top 13.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Bisheng-wnm Huawei Bisheng-wnm Firmware Huawei Ota-bisheng Firmware

Timeline

PublishedJun 16

Description

A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution. Affected product versions include:BiSheng-WNM versions OTA-BiSheng-FW-2.0.0.211-beta,BiSheng-WNM FW 3.0.0.325,BiSheng-WNM FW 2.0.0.211.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5huawei/bisheng-wnmBiSheng-WNM FW 2.0.0.211, BiSheng-WNM FW 3.0.0.325, OTA-BiSheng-FW-2.0.0.211-beta+2

▶NVDhuawei/bisheng-wnm_firmware2.0.0.211, 3.0.0.325+1

▶NVDhuawei/ota-bisheng_firmware2.0.0.211

🔴Vulnerability Details

GHSA

GHSA-6c9v-6mg8-c59h: A Huawei printer has a system command injection vulnerability↗2023-06-16

▶

CVEList

CVE-2022-48472: A Huawei printer has a system command injection vulnerability↗2023-06-16

▶