Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
10 Jul 2023, 18:48
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
10 Jan 2023, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html - Third Party Advisory, VDB Entry | |
First Time |
Realtek usdk
Realtek Realtek xpon Software Development Kit |
|
CWE | CWE-78 | |
CPE | cpe:2.3:a:realtek:xpon_software_development_kit:1.9:*:*:*:*:*:*:* cpe:2.3:a:realtek:xpon_software_development_kit:3.3:*:*:*:*:*:*:* cpe:2.3:a:realtek:usdk:1.0:*:*:*:*:*:*:* cpe:2.3:a:realtek:usdk:2.0:*:*:*:*:*:*:* cpe:2.3:a:realtek:xpon_software_development_kit:4.0:*:*:*:*:*:*:* cpe:2.3:a:realtek:xpon_software_development_kit:4.1:*:*:*:*:*:*:* cpe:2.3:a:realtek:usdk:2.2:*:*:*:*:*:*:* |
03 Jan 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-03 03:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40740
Mitre link : CVE-2022-40740
CVE.ORG link : CVE-2022-40740
JSON object : View
Products Affected
realtek
- xpon_software_development_kit
- usdk
CWE
NVD-CWE-Other
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')