Command Injection Vulnerability in Realtek RTL819X-SDK Web Interface
CVE-2022-29558

8.8HIGH

Key Information:

Vendor: Realtek
Status: Rtl819x Software Development Kit
Vendor: CVE Published:; 28 July 2022

What is CVE-2022-29558?

A command injection vulnerability has been identified in the Realtek RTL819X-SDK that affects versions prior to v3.6.1. The flaw allows attackers to execute arbitrary commands on the device via the web interface. If exploited, this vulnerability could lead to unauthorized access and control over the affected systems, posing a significant risk to network security.

References

https://www.realtek.com

x_refsource_MISC

https://www.realtek.com/images/safe-report/Realtek_APRout...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2022
Vulnerability Reserved
Apr 21, 2022