CVE-2022-36779

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.gov.il/en/departments/faq/cve_advisories	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:proscend:m330-w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m330-w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:proscend:m330-w5_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m330-w5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:proscend:m350-5g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-5g:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:proscend:m350-w5g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-w5g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:proscend:m350-6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-6:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:proscend:m350-w6_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m350-w6:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:proscend:m301-g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m301-g:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:proscend:m301-gw_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:proscend:m301-gw:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:advice:icr_111wg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:advice:icr_111wg:-:*:*:*:*:*:*:*

Information

Published : 2022-09-13 08:15

Updated : 2022-09-15 19:32

NVD link : CVE-2022-36779

Mitre link : CVE-2022-36779

JSON object : View

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Products Affected

proscend

m350-5g_firmware
m350-6
m350-w6
m301-g_firmware
m330-w5_firmware
m330-w5
m350-w5g_firmware
m301-gw
m350-w5g
m330-w_firmware
m350-5g
m350-6_firmware
m330-w
m350-w6_firmware
m301-g
m301-gw_firmware

advice

icr_111wg_firmware
icr_111wg

9.8 /10