Realtek GPON router - Command Injection
CVE-2022-40740

7.2HIGH

Key Information:

Vendor: Realtek
Status: Gpon Router
Vendor: CVE Published:; 3 January 2023

What is CVE-2022-40740?

The Realtek GPON Router is affected by a vulnerability due to insufficient filtering of special characters. An authenticated attacker with administrative privileges can exploit this flaw to execute arbitrary commands on the system. This may lead to manipulation of system settings or disruption of services, posing significant risks to the network's integrity and availability.

Affected Version(s)

GPON router SDK 1.9

References

https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 3, 2023
Vulnerability Reserved
Sep 15, 2022