Command Injection Vulnerability in Huawei Data Communication Products
CVE-2022-48616

6.4MEDIUM

Key Information:

Vendor: Huawei
Status: AR6000
Vendor: CVE Published:; 12 December 2023

What is CVE-2022-48616?

A command injection vulnerability exists in Huawei's data communication products, allowing an attacker to execute arbitrary commands. If exploited, this may lead to elevated privileges on the affected system, posing significant security risks. Proper remediation steps must be taken to safeguard against potential attacks.

Affected Version(s)

AR6000 AR6000 V300R019C10SPC300

AR6000 AR6000 V300R019C13SPC200

AR6000 AR6000 V300R021C00SPC200

References

https://wr3nchsr.github.io/huawei-netengine-ar617vw-auth-...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Dec 12, 2023