HIGH🇬🇧 English

CVE-2022-47616

CVSS 7.2v3.1pub. 2023-06-02upd. 2024-11-21

Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Hitrontech Coda 5310

    HW
    Hitrontech
    wszystkie wersje
  • Hitrontech Coda 5310 Firmware

    OS
    Hitrontech
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2023-30603CRITICAL9.8ten sam produkt

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning o...

CVE-2023-30604CRITICAL9.8ten sam produkt

It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitro...

CVE-2022-47617HIGH7.2ten sam produkt

Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticate...

CVE-2023-30602HIGH7.5ten sam produkt

Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remo...

CVE-2024-25730CRITICAL9.8PL ✓ten sam vendor

Hitron CODA-4582/4589 — słabe domyślne klucze PSK z niewystarczającą entropią