Description

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field.

Related CPE's

o

ejointech

acom508_firmware

Vulnerable

h

ejointech

acom508

-

o

ejointech

acom532_firmware

Vulnerable

h

ejointech

acom532

-

o

ejointech

acom516_firmware

-

Vulnerable

h

ejointech

acom516

-

References

http://en.ejointech.com/

Vendor Advisory

https://drive.google.com/drive/folders/1QRs6wos3mL9289TTUm98n5OmgBVrbYTx

ExploitThird Party Advisory

https://github.com/kyl3song/CVE/tree/main/CVE-2022-23332

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-94

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-05-09T14:15:08.103

3 years ago

Last modified

2023-08-08T14:22:24.967

1 year ago