Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
References
Link | Resource |
---|---|
https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh/ | Exploit Patch Third Party Advisory |
https://seclists.org/fulldisclosure/2022/Dec/13 | Exploit Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
05 Jan 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:intelbras:wifiber_120ac_inmesh:-:*:*:*:*:*:*:* cpe:2.3:o:intelbras:wifiber_120ac_inmesh_firmware:*:*:*:*:*:*:*:* |
|
First Time |
Intelbras wifiber 120ac Inmesh Firmware
Intelbras wifiber 120ac Inmesh Intelbras |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-78 | |
References | (MISC) https://seclists.org/fulldisclosure/2022/Dec/13 - Exploit, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh/ - Exploit, Patch, Third Party Advisory |
25 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-12-25 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40005
Mitre link : CVE-2022-40005
CVE.ORG link : CVE-2022-40005
JSON object : View
Products Affected
intelbras
- wifiber_120ac_inmesh
- wifiber_120ac_inmesh_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')