Privilege Escalation Vulnerability in ASKEY Router
CVE-2022-47040

7.8HIGH

Key Information:

Vendor: Askey
Status: Rtf3505vw-n1 Firmware
Vendor: CVE Published:; 26 January 2023

What is CVE-2022-47040?

A vulnerability in the ASKEY Router RTF3505VW-N1 allows attackers to escalate privileges by executing the tcpdump command. This exploitation occurs by placing a specially crafted file in the /tmp directory and sending malicious packets through port 80. Such vulnerabilities can lead to unauthorized access and control over the router's functionalities, raising significant security concerns.

References

https://github.com/leoservalli/Privilege-escalation-ASKEY

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 26, 2023
Vulnerability Reserved
Dec 12, 2022

Askey

What is CVE-2022-47040?

References

CVSS V3.1

Timeline