Command Injection Vulnerability in Intelbras WiFiber 120AC
CVE-2022-40005

8.8HIGH

Key Information:

Vendor

Intelbras

Vendor
CVE Published:
25 December 2022

What is CVE-2022-40005?

The Intelbras WiFiber 120AC inMesh device is vulnerable to command injection attacks that can be exploited by authenticated users. This vulnerability allows attackers to execute arbitrary commands via specific HTTP URIs, such as /boaform/formPing6 and /boaform/formTracert, compromising the integrity of the system. Users must ensure their devices are updated to mitigate potential risks associated with this flaw.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-40005 : Command Injection Vulnerability in Intelbras WiFiber 120AC